Cloudflare has proposed a DNS standard, co-authored with Apple, that aims to further improve internet privacy.
ODoH, which stands for Oblivious DNS-over-HTTPS, was developed by engineers from Cloudflare, Apple, and Fastly and works by separating IP addresses from queries in order to safeguard users’ browsing habits from third parties, including internet service providers.
The tool works by encrypting a DNS query and passing it through a proxy server between the user and the website they intend on visiting. Due to the DNS query being encrypted, the proxy has no way of identifying its contents and even prevents the DNS resolver from specifying who is the sender of the query.
That is why the ‘O’ in ODoH stands for ‘oblivious’, because, as Cloudflare engineers Sudheesh Singanamalla and Tanya Verma explained on the company’s blog, “the target only knows about the proxy, the target and any upstream resolver are oblivious to the existence of any client IP addresses”.
“This puts clients in greater control over their queries and the ways they might be used. For example, clients could select and alter their proxies and targets any time, for any reason,” they added.
According to Cloudflare, ODoH does not negatively impact performance in any way, making prioritising privacy easier for its users.
The tool was launched with Cloudflare’s proxy partners, including PCCW, SURF, and Equinix. SURF technical product manager Joost van Dijk described the move to ODoH as “a true paradigm shift, where the users’ privacy or the IP address is not exposed to any provider, resulting in true privacy”.
“With the launch of ODoH-pilot, we’re joining the power of Cloudflare’s network to meet the challenges of any users around the globe. The move to ODoH is not only a paradigm shift but it emphasizes how privacy is important to any users than ever, especially during 2020. It resonates with our core focus and belief around Privacy,” he added.
DNS-over-HTTPS has been met with some controversy in the UK due to its conflict with the Investigatory Powers Act, which requires that ISPs at least have the ability to capture information about their customers if so required by the state.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
DNS loophole could allow hackers to carry out “nation-state level spying”News Sensitive data could be accessed from corporate networks using vulnerability
-
What is DMARC and how can it improve your email security?In-depth Protect your customers and brand rep with this email authentication protocol for domain spoofing
-
What is DNS?In-depth We explain what DNS is, how it works, and how outages can be avoided
-
D-Link routers under siege from months-long DNS hackNews The attackers are running malicious IPs through a Google Cloud Platform virtual machine
-
SMBs warned over corrupted SOHO router riskNews Team Cymru researchers claim 300,000 routers may have had their DNS settings changed by cyber criminals.
-
Will the FBI close down your online business this March?In-depth In tackling the DNSChanger botnet, the FBI may take a load of businesses offline. Davey Winder is, unsurprisingly, anxious...
-
DNS Changer botnet smashed in major cyber crime bustNews A botnet that is thought to have earned its controllers $14 million is dismantled.
-
‘Climate of fear’ is best weapon against cyber crimeNews A member of the Serious Organised Crime Agency has claimed cyber criminals are best tackled through fear of prosecution.
