Your internet service provider could be privy to every website you visit and while that is scary, this is how things have been for many years.
This comes down to how websites are served to users. When you type www.htxt.co.za into your browser the request goes through the Domain Name System or DNS. And this is where the problem appears.
Despite advancements in this space, many DNS solutions exchange information in plain text. This means that anybody looking at the exchange can see what website you’re looking for and your IP address.
Enter Oblivious DNS over HTTPS or ODoH.
This solution from Cloudflare and Apple involves obfuscating the path that a request takes when you want to visit a website.
To explain it as simply as possible (if you want a more high-level explanation head here), ODoH wraps your request in an encrypted shell. This request then passes through a proxy where it is decrypted and handed over to the target address. This request is fulfilled, passed back to the proxy and then back to you.
This leads to three guarantees according to Cloudflare, though there is a caveat we’ll get to in a bit.
The first is that the target only sees the query and the IP address of the proxy rather than your IP.
Secondly, the proxy cannot identify, read, or modify the query being sent by you or the answer the target site sends you.
Finally, only the intended recipient of a query can read its content and respond.
As for that caveat we mentioned, privacy hinges on the proxy and target servers being separate. As you might imagine, if we controlled the proxy that was used to pass along requests for our website, identifying users would be trivial.
You might be wondering whether this feature results in a degradation in performance. The answer is – we don’t know.
Cloudflare has conducted some testing with positive results but more testing in more territories is needed to see just how much latency is affected.
To that end, Cloudflare has open sourced its ODoH implementations in Rust and Go which you can read more about here. Cloudflare’s 188.8.131.52 DNS is currently able to receive queries via this new ODoH protocol.
Whether ODoH will see widespread adoption, however, is another matter entirely.
[Image – CC 0 Pixabay]