CloudFlare is proposing a new DNS standard developed with Apple Pal that is designed to help me (and a lot of people) turn off the blind spot in Internet privacy measures. TechCrunch). The protocol is called Oblivius DNS over HTTPS (ODoH), and is meant to help keep the information sent before you send it to the website anonymous. Will it help your overall net privacy that is something we’ll deal with in seconds, but first, we need to understand how DNS works, and what CloudFlare has added.
By default, DNS allows us to use the web without remembering the IP address of the site we want to visit. While we humans can easily understand names like “theverge.com”, or “archive. Organization”, computers use IP addresses (such as 207.241.224.2) to root their requests on the Internet instead. This is where DNS comes in: When you type the name of a website, your computer tells the DNS server (usually run by your ISP) to translate a name like “theverge.com” to the actual IP of the site. The DNS server will send it back, and your computer can load the site. (There are many other steps in this process, but the basic premise is that we need to know to understand ODoH.)
If you are concerned about privacy, you may have noticed that this system, which runs any DNS server, allows (and keeps track) about every website you visit. In general, it’s your ISP running that server, and there’s nothing to stop advertisers from selling that data. Looking to solve this problem with CloudFlare and co ODoH.
The protocol works by introducing a proxy server between you and the DNS server. Proxy Go-between works, sends your requests to the DNS server, and distributes its responses without knowing who is requesting the data.
By presenting only one proxy server, it is moving the problem to just one level: if it has a request, and it knows that you have sent it, what prevents it from creating its own log of the sites you have visited? That’s where ODoH’s “DNS over HTTPS” (DoH) part comes from. DoH is a standard that has been around for a few years, although it is not very widespread. It uses encryption to ensure that only the DNS server can read your requests. Using Deutsche, then routing it through a proxy server, you end up with a proxy server that can’t read the request, and a DNS server that can’t tell you where it came from.
This leaves the question: will all this really protect your privacy? This does not mean that the DNS server will not be able to keep track of which sites You special Visiting, but if you hope to hide your browsing information from your ISP, ODoH (or similar technologies, like DNSCrypt’s anonymous DNS) it may not be enough. ISPs still route all of your traffic, so simply hiding your DNS won’t stop them from creating your profile.
The truth of the matter is that staying private online online is not something you can achieve by setting up a tool. It’s a lifestyle that can honestly be inevitable in the real world (At least for me). With that said, keeping your DNS requests anonymous when technology becomes available is a brick to add to your privacy wall.
CloudFlare has already added the ability to take ODoH requests to their 1.1.1.1 DNS service, but you may have to wait until it is supported by your browser or OS, which will take some time (for example, ratified in 2018, And only by default in the US version of Firefox). If you’re anxious to use the new protocol, Firefox may also be the one to look out for for ODoH: its CTO says the team is “excited to see it launch and is looking forward to experimenting with it.”