Engineers from Cloudflare, Apple, & Fastly have co-authored a new DNS standard that separates IP addresses from queries, so that no single entity can see both at the same time.
Announcing this on its official blog, Cloudflare said the new standard called “Oblivious DNS over HTTPS”, or ODoH for short has been launched with several launch partners who are equally committed to privacy.
A key component of ODoH is a proxy that is disjoint from the target resolver. The new protocol will usher in better user privacy. Some are calling it “a true paradigm shift”, where the users’ privacy or the IP address is not exposed to any provider, resulting in true privacy.
ODoH works by adding a layer of public key encryption, as well as a network proxy between clients & DoH servers such as 1.1.1.1. The combination of these 2 added elements guarantees that only the user has access to both the DNS messages & his own IP address at the same time.
Cloudflare says the ODoH protocol is a practical approach for improving privacy of users, & aims to improve the overall adoption of encrypted DNS protocols without compromising performance & user experience on the Internet. Plus it has been open source to help anyone run ODoH.
For more details, click here.
Image credit: Cloudflare
