Date: 2020-12-10
Apple partners with Cloudflare for new DNS protocol that better protects your privacy

Called Oblivious-DNS-over-HTTPS, this new protocol, already available from Cloudflare, makes it impossible for the DNS server to collect IP addresses.

After “DNS-over-HTTPS” (DoH), here comes “Oblivious-DNS-over-HTTPS” (ODoH). Developed by engineers from Apple, Cloudflare and Fastly, this new DNS protocol greatly strengthens privacy protection by hiding the user’s IP address from the DNS server, thanks to the insertion of two intermediaries, a proxy server and a target server. The proxy hides the client’s IP address from the target. The target sets up an end-to-end encryption layer with the client, which hides the content of the request from the proxy.

The result is that neither the proxy server nor the target server has simultaneous access to the client’s IP address and the DNS request. In practice, the target server and the DNS server can run on the same physical machine. The proxy, on the other hand, must be completely independent from the rest, otherwise ODoH loses its purpose. With DoH, DNS queries are encrypted during transport, but the DNS server can still see which IP address is looking up which website.
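The split of knowledge described above can be modelled in a few lines. This is an added example, not code from the article or from Cloudflare: a toy Diffie-Hellman exchange and a SHA-256 keystream stand in for the HPKE public-key encryption the real protocol uses, and all class names, IP addresses and DNS records are constructed for illustration.

```python
import hashlib, secrets

P, G = 2**255 - 19, 2                    # toy DH group, illustration only (assumption)
RECORDS = {"example.com": "192.0.2.10"}  # constructed resolver data

def derive(shared, label):
    # Separate keys for query and response so the keystream is never reused.
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def xor_stream(key, data):
    # SHA-256 in counter mode as a stand-in cipher (unauthenticated, not HPKE).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Target:
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)
        self.log = []                    # everything the target operator can record
    def handle(self, peer_ip, eph_pub, ct):
        shared = pow(eph_pub, self._priv, P)
        qname = xor_stream(derive(shared, b"query"), ct).decode()
        self.log.append((peer_ip, qname))          # peer is the proxy, not the client
        answer = RECORDS.get(qname, "NXDOMAIN")
        return xor_stream(derive(shared, b"response"), answer.encode())

class Proxy:
    def __init__(self, ip, target):
        self.ip, self.target, self.log = ip, target, []
    def forward(self, client_ip, eph_pub, ct):
        self.log.append((client_ip, ct))           # sees the client IP, only ciphertext
        return self.target.handle(self.ip, eph_pub, ct)

def client_lookup(client_ip, qname, proxy, target_pub):
    eph = secrets.randbelow(P - 2) + 1             # fresh ephemeral key per query
    shared = pow(target_pub, eph, P)
    ct = xor_stream(derive(shared, b"query"), qname.encode())
    reply = proxy.forward(client_ip, pow(G, eph, P), ct)
    return xor_stream(derive(shared, b"response"), reply).decode()

if __name__ == "__main__":
    target = Target()
    proxy = Proxy("203.0.113.5", target)
    print(client_lookup("198.51.100.7", "example.com", proxy, target.pub))
    print("proxy log: ", proxy.log)
    print("target log:", target.log)
```

If the proxy and target operators pooled their logs, the two halves could be joined again, which is why the proxy has to be independent.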

ODoH is an emerging standard within the IETF. It will likely take years before it is widely deployed. However, Cloudflare has just activated an ODoH service on an experimental basis, in partnership with the companies PCCW Global, Equinix and Surf, which play the role of proxy. The first measurements show, unsurprisingly, that ODoH’s performance is worse than simple DoH, not so much because of the encryption as because of the added intermediaries. But it is still much better than using DoH over Tor.

Source: Cloudflare

