Cloudflare cooperates with Apple to develop a new Internet protocol to improve DNS Privacy
DNS is one of the most basic protocols on the Internet, and because it has no encryption it easily leaks private information. Encrypted query protocols such as DNS over HTTPS (DoH) were created in response.
Although an encrypted query protocol can effectively prevent operators from snooping on user privacy, it is still not sufficiently secure by nature, because resolution providers can snoop on user privacy.
In response to this potential problem, Cloudflare, a well-known network company in the United States, announced that it will cooperate with Apple and Fastly to develop a new protocol.
The new protocol is called Oblivious DNS over HTTPS (ODoH). This improvement on DoH helps prevent resolution providers from snooping on user privacy.
We know that DNS queries need to go through a server, and the operator can learn which websites or pages the user is visiting when the user's queries arrive at the server.
The Internet industry believes that this is not secure enough, so encryption is added on top of DNS queries so that operators cannot snoop on encrypted user query data.
Although DoH helps prevent operators from snooping on data, DoH providers are responsible for processing user query data. In theory, DoH providers can snoop on that data.
Therefore, Cloudflare, Apple, and Fastly engineers hope to improve DoH by providing proxy servers that transfer data at the DoH level.
The new Internet protocol mainly separates the query initiated by the user from the query performed by the server. After the separation, in theory, no one knows who queried what.
For example, although the proxy server receives the query and returns the correct content, it does not know who sent the query. DoH knows who sent the query but does not know the specific encrypted content.
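The separation of "who asked" from "what was asked" can be seen in a small simulation. This is an added example, not code from Cloudflare, Apple, Fastly or the ODoH draft: one hop relays the message and logs only the client address plus ciphertext, the other hop decrypts and answers but sees only the relaying hop's address. The toy Diffie-Hellman and hash keystream are stand-ins for the protocol's real public-key encryption, and all function names, addresses and records are constructed.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: a labelled stand-in for the protocol's real
# public-key encryption. Not secure; it only makes the data flow runnable.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def shared_key(their_pub, my_priv):
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(32, "big")).digest()

def xor_stream(key, label, data):
    # SHA-256 counter keystream; a distinct label per direction avoids reuse.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + label + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def client_seal(name, resolver_pub):
    priv, pub = keypair()  # fresh key pair for every query
    key = shared_key(resolver_pub, priv)
    return key, (pub, xor_stream(key, b"query", name.encode()))

def resolving_hop(sealed, peer_addr, resolver_priv, records, log):
    pub, ciphertext = sealed
    key = shared_key(pub, resolver_priv)
    name = xor_stream(key, b"query", ciphertext).decode()
    log.append({"peer": peer_addr, "query": name})  # sees what, not who
    return xor_stream(key, b"reply", records.get(name, "NXDOMAIN").encode())

def forwarding_hop(sealed, client_addr, own_addr, next_hop, log):
    log.append({"peer": client_addr, "payload": sealed[1]})  # sees who, not what
    return next_hop(sealed, own_addr)

def run_exchange(name="example.com", client_addr="198.51.100.7"):
    # All addresses and records below are constructed sample values.
    r_priv, r_pub = keypair()
    records = {"example.com": "192.0.2.10"}
    fwd_log, res_log = [], []
    key, sealed = client_seal(name, r_pub)
    resolve = lambda s, peer: resolving_hop(s, peer, r_priv, records, res_log)
    reply = forwarding_hop(sealed, client_addr, "203.0.113.1", resolve, fwd_log)
    return xor_stream(key, b"reply", reply).decode(), fwd_log, res_log

if __name__ == "__main__":
    print(run_exchange())
```

Neither log alone links the client address to the queried name; only the two logs combined would.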
Normally, it takes a long time for an Internet protocol to go from draft specification to release and use, so the new ODoH protocol is expected to take several years.
Therefore, in the short term, we will definitely not be able to use the new protocol. After all, using the DoH protocol normally is still a problem for many users.
Cloudflare said that after preliminary testing, this protocol has almost no effect on the user’s browsing speed, so it is quite necessary as a privacy improvement.
It is envisaged that the DoH provider will be separated from the proxy server provider and that the two will be controlled by different entities, to prevent the companies from colluding with each other to steal data.
It stands to reason that the alliance between these big companies should help solve this type of problem, but the actual effect may not be testable for a few more years.