Engineers from Cloudflare, Apple and Fastly have co-authored a new proposed DNS standard that separates IP addresses from queries to make it harder for internet service providers to know which websites users visit.
The new internet protocol, dubbed Oblivious DNS-over-HTTPS (ODoH), could help close one of the web's worst privacy holes and Cloudflare has made its source code publicly available so that anyone can try out ODoH or even run their own ODoH service.
When a user visits a website, their browser utilizes a DNS resolver to convert the site's web address into a machine-readable IP address in order to locate where a web page is located on the internet. However, this process is not encrypted which means that DNS queries are sent in clear text. To make matters worse, your ISP could be your DNS resolver unless you've changed it, meaning your internet provider may know exactly which websites you visit.
- We've assembled a list of the best database software around
- These are the best cloud storage services on the market
- Also check out our roundup of the best cloud backup services
In order to safeguard DNS from third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these protocols prevent queries from being intercepted, redirected or modified but don't prevent DNS resolvers from seeing the websites you visit online.
ODoH is the IETF's latest protocol and it works by adding a layer of public key encryption as well as a network proxy between clients and DoH servers. These two added elements guarantee that only the user has access to both the DNS messages and their own IP address at the same time.
As the DNS query is encrypted, the proxy can't see what's inside and instead acts as a barrier to prevent the DNS resolver from seeing who sent the query in the first place. By using ODoH, only the proxy knows the identity of the internet user and the DNS resolver only knows the website being requested which in turn protects the privacy of users online.
In addition to making ODoH's source code publicly available, Cloudflare has launched the new protocol with several leading proxy partners including PCCW, SURF and Equinix. Browser makers are also interested in using the new protocol and Firefox's CTO Eric Rescorla explained in a blog post that it will soon be available in its browser, saying:
“Oblivious DoH is a great addition to the secure DNS ecosystem. We're excited to see it starting to take off and are looking forward to experimenting with it in Firefox.”
Improved privacy is the main goal of introducing ODoH but the new protocol will also prevent ISP's from tracking customers and selling their browsing history to advertisers.
- We've also highlighted the best data loss prevention services
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.