- Oblivious DoH is a new standard to encrypt and protect DNS queries.
- Your ISP might be selling your browsing information.
- Oblivious DoH would be a great rapper name.
Internet security company Cloudflare and Apple have teamed up to propose a new DNS standard that stops your internet service provider (ISP) from spying on what websites you visit and selling the information.
Every time you click or type a link, your computer has to convert it into the numerical address of the computer hosting that site. For that, it uses something called DNS, a kind of internet address book. The problem is your computer normally uses your ISP’s DNS server, meaning your ISP can (and probably does) track the sites you visit and sell that information. Cloudflare and Apple’s new DNS standard, called “Oblivious DoH,” makes this whole process private.
“There are a number of security and privacy issues in how the Internet is built. Over the last decade, most of the focus has been on moving the web from being mostly unencrypted to being encrypted by default with HTTPS,” Nick Sullivan, Cloudflare’s head of research, told Lifewire via email. “Now that over 80% [of] browsing is done with HTTPS, the industry’s attention has shifted to fixing other privacy issues, like those inherent to DNS.”
A Quick DNS Primer
Whenever your browser connects to a website, it’s actually connecting to a computer hosting that site. That computer, like yours, has a numerical IP address. The site you’re reading now, for example, currently has an IP address of 184.108.40.206.
Obviously, it’s easier for humans to remember names rather than numbers, so a DNS server is used to translate between them. Historically, connections to DNS servers have been unencrypted, and therefore visible to anyone able to observe the traffic.
Oblivious DoH, or ODoH, makes this connection private. It works by encrypting your DNS queries and routing them through a proxy server, so that no single party sees both who you are and what you looked up.
The idea is that your home router, or your internet-connected devices, would connect to an ODoH-enabled DNS service, instead of using the default, unprotected DNS server, which is almost certainly the one provided by your ISP. Right now, that’s not possible unless you’re extremely geeky, and can find an ODoH-enabled DNS service to connect to.
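The proxy-and-resolver split described above, as an added simulation that is not Cloudflare’s or Apple’s code: a toy HMAC-authenticated cipher stands in for the HPKE public-key encryption that real ODoH uses, with TARGET_KEY playing the role of the resolver’s public key, and the hosts, IP addresses and zone data are constructed. Each party records what it could observe, which shows that the proxy learns the client’s address but not the name, while the resolver learns the name but sees only the proxy’s address.

```python
import hashlib
import hmac
import os
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy AEAD (SHA-256 keystream + HMAC tag), standing in for ODoH's HPKE."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("ciphertext altered in transit or wrong key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

TARGET_KEY = os.urandom(32)            # constructed; held by client and target only
ZONE = {"example.com": "192.0.2.1"}    # constructed records (RFC 5737 test addresses)
class Target:                          # the ODoH-enabled resolver
    def __init__(self):
        self.log = []                  # everything the resolver gets to see
    def handle(self, source_ip: str, query: bytes) -> bytes:
        plain = open_(TARGET_KEY, query)            # proxy could not read or alter it
        resp_key, name = plain[:32], plain[32:].decode()
        self.log.append((source_ip, name))
        return seal(resp_key, ZONE.get(name, "NXDOMAIN").encode())

class Proxy:                           # relays opaque blobs; holds no decryption key
    def __init__(self, ip: str, target: Target):
        self.ip, self.target, self.log = ip, target, []
    def handle(self, client_ip: str, query: bytes) -> bytes:
        self.log.append((client_ip, len(query)))    # sees who asked and how much
        return self.target.handle(self.ip, query)   # target sees only the proxy's IP

def odoh_lookup(client_ip: str, name: str, proxy: Proxy) -> str:
    resp_key = os.urandom(32)          # fresh per query; the answer is sealed under it
    query = seal(TARGET_KEY, resp_key + name.encode())
    return open_(resp_key, proxy.handle(client_ip, query)).decode()

def demo():
    target = Target()
    proxy = Proxy("203.0.113.9", target)
    answer = odoh_lookup("198.51.100.7", "example.com", proxy)
    return answer, proxy.log, target.log
```

A proxy that tampers with a query is caught by the tag check in open_, so it can drop traffic but not silently rewrite what is asked.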
Unsurprisingly, Cloudflare’s own DNS service is already capable of this.
In the meantime, you can still avoid your ISP’s service by opting for an alternative. You just add the address (220.127.116.11 in the case of Cloudflare) to the DNS section of your home router’s configuration pages, and every device in your home will use it automatically. This can provide an encrypted, private connection, but ODoH goes one better.
“By using ODoH, users can have access to a secure, performant, and private DNS service,” says Sullivan. “Users of ODoH will have fewer privacy concerns concerning their DNS data and browsing history. Many DNS providers are privacy-oriented and don’t monetize user data, but ODoH makes the type of data collection that could lead DNS providers down that road impossible.”
ODoH won’t fix internet privacy, but it does plug one more hole, and quite a big one. It’s technical, and hard to deploy right now, but the involvement of Apple means that some time soon, this will probably be built into Macs, iPhones, and iPads.