Meet ODoH, where privacy means just not knowing anything

Being oblivious on the internet usually isn’t a recipe for protecting privacy. But Cloudflare announced Tuesday that it was launching support for a protocol that makes obliviousness its chief trait.

Developed in conjunction with engineers from Apple and Fastly, it’s called Oblivious DNS over HTTPS, or ODoH for short. It’s a newly proposed Domain Name System standard that Cloudflare, an internet services and cybersecurity provider, says separates IP addresses from queries, which means no one entity can see both simultaneously.

ODoH is one of three privacy initiatives Cloudflare hailed on Tuesday, with the other two meant to improve password security and halt metadata leaks. “Fundamentally what we’re trying to do with these announcements is to help point out places on the internet — or aspects of how the internet is built — that have a privacy hole, or an issue that make it easier to have their privacy compromised in one way or another,” said Nick Sullivan, Cloudflare’s head of research.

Regular DNS over HTTPS (DoH) is a relatively recently introduced protocol designed to keep third parties from tracking the sites that web surfers visit. DNS over TLS, or DoT, likewise aims to prevent queries from being intercepted between a user’s computer and a DNS resolver. Recent versions of Firefox, iOS and other software have made use of those protocols. But DoH and DoT haven’t been entirely without controversy.

“Until there is wider deployment among Internet service providers, Cloudflare is one of only a few providers to offer a public DoH/DoT service. This has raised two main concerns,” Cloudflare wrote. “One concern is that the centralization of DNS introduces single points of failure (although, with data centers in more than 100 countries, Cloudflare is designed to always be reachable). The other concern is that the resolver can still link all queries to client IP addresses.”

ODoH adds a layer of public key encryption and a network proxy to achieve the goal of decoupling a user’s IP address from the hostname being looked up. Cloudflare is making source code for ODoH available on Tuesday, and the working interoperable draft means it’s something “users should be able to set up and start using right away,” Sullivan said.
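As an added illustration (not Cloudflare’s or the draft’s code), the following Python simulates the split the paragraph describes: a client seals the hostname to the target resolver’s public key, a proxy relays it from its own address, and each party’s view is recorded. The IPs, the hostname and the toy DH/SHA-256 cipher are constructed stand-ins for the real HPKE layer.

```python
"""Toy ODoH flow (added example, not Cloudflare's code). The client seals its
query to the target's public key; the proxy forwards it from its own IP; only
the target can open it. So the proxy sees the client IP but never the hostname,
and the target sees the hostname but only the proxy IP. Crypto is a weak toy."""
import hashlib
import secrets

P = 2**127 - 1  # toy Mersenne prime, far too small for real use
G = 3

def keypair():
    """Return (private, public) for the toy Diffie-Hellman scheme."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def keystream(shared, n):
    """Derive n bytes of keystream from the DH shared secret (toy KDF)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(shared.to_bytes(16, "big") + bytes([ctr])).digest()
        ctr += 1
    return out[:n]

def seal(pk, msg):
    """Encrypt msg to public key pk; returns (ephemeral public key, ciphertext)."""
    esk, epk = keypair()
    ks = keystream(pow(pk, esk, P), len(msg))
    return epk, bytes(a ^ b for a, b in zip(msg, ks))

def open_sealed(sk, epk, ct):
    """Decrypt with private key sk; a party without sk (the proxy) cannot."""
    ks = keystream(pow(epk, sk, P), len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def odoh_query(client_ip, proxy_ip, target_pk, target_sk, hostname):
    """Run one query and return what the proxy and the target could observe."""
    epk, ct = seal(target_pk, hostname.encode())        # client -> proxy
    proxy_view = {"src_ip": client_ip, "query": ct}      # ciphertext only
    name = open_sealed(target_sk, epk, ct).decode()      # proxy -> target
    target_view = {"src_ip": proxy_ip, "query": name}    # no client IP
    return {"proxy": proxy_view, "target": target_view}

if __name__ == "__main__":
    sk, pk = keypair()  # constructed sample addresses and hostname below
    print(odoh_query("203.0.113.7", "198.51.100.9", pk, sk, "example.com"))
```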

Cloudflare is partnering with PCCW, SURF and Equinix on ODoH. “The move to ODoH is a true paradigm shift, where the users’ privacy or the IP address is not exposed to any provider, resulting in true privacy,” Joost van Dijk, technical product manager at SURF, said in one of the blog posts.

Cloudflare is also publishing two more blog posts on Tuesday about privacy initiatives.

One is about Encrypted Client Hello (ECH), meant as an improvement on Encrypted Server Name Indication, which lets clients encrypt domain names of servers they’re trying to contact. ECH enables encryption of the entire Transport Layer Security handshake, a central part of making an HTTPS connection; currently, some privacy-sensitive information about that process is viewable.

The other is about an authentication protocol called OPAQUE, designed to keep passwords hidden and safe from breaches, given how often plaintext passwords are stored on a host server sans encryption.