Engineers at Cloudflare (NET) and Apple (AAPL) say they’ve developed a new internet protocol that will shore up against “one of the biggest holes in internet privacy.” Dubbed Oblivious DNS-over-HTTPS (ODoH), as Nick Sullivan, Cloudflare’s head of research explains, it is meant to “separate the information about who is making the query and what the query is.”
Every time you go to visit a website, your browser uses a DNS resolver to convert web addresses to machine-readable IP addresses to locate where a web page is located on the internet. But this process is not encrypted, meaning that every time you load a website the DNS query is sent in the clear. That means the DNS resolver — which might be your internet provider unless you’ve changed it — knows which websites you visit. That’s not great for your privacy, especially since your internet provider can also sell your browsing history to advertisers.
Enter ODoH, which decouples DNS queries from the internet user, preventing the DNS resolver from knowing which sites you visit.
ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.
Cloudflare (NET) is a constituent in the Foxberry Tematica Research Cybersecurity & Data Privacy Index.