
Apple and Cloudflare team up to stop your ISP seeing which websites you visit

Apple and Cloudflare have jointly developed a new Internet protocol designed to protect your privacy, by preventing your internet service provider (ISP) from seeing which websites you visit.

Currently, when you enter a web address into your browser, that address is passed to a Domain Name System (DNS) server, which looks up the domain name in order to convert it to the numerical IP address needed to connect to it …

By default, that DNS server is operated by your ISP, which means it knows both who you are and which websites you visit. Some ISPs sell that data to advertisers. Some DNS queries are encrypted, but the company running the DNS service can still see the data.

TechCrunch reports that the new DNS protocol is designed to prevent that.

Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet providers to know which websites you visit […]

Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Because the DNS query is encrypted, the proxy can’t see what’s inside, but acts as a shield to prevent the DNS resolver from seeing who sent the query to begin with.

“What ODoH is meant to do is separate the information about who is making the query and what the query is,” said Nick Sullivan, Cloudflare’s head of research.

In other words, ODoH ensures that only the proxy knows the identity of the internet user and that the DNS resolver only knows the website being requested. Sullivan said that page loading times on ODoH are “practically indistinguishable” from DoH and shouldn’t cause any significant changes to browsing speed.

ODoH is only effective if two different organizations run the proxy server and the DNS service. There aren’t yet many of these around, though Cloudflare is working with a few through its 1.1.1.1 DNS service.

While Apple and Cloudflare have done the groundwork, it’s just a proposed protocol at present. To be adopted across the web, it will need to be signed off by the Internet Engineering Task Force, the non-profit which oversees the approval of new protocols.
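The split of knowledge described above, as an added Python sketch (not code from Apple, Cloudflare, TechCrunch or this article). A toy Diffie-Hellman exchange and hash keystream stand in for the HPKE encryption that real ODoH uses, and the class names, IP addresses and `example.com` are constructed for illustration.

```python
import hashlib, secrets, struct

# Toy Diffie-Hellman + hash keystream standing in for HPKE. NOT real ODoH crypto.
P, G = 2**255 - 19, 2

def keystream_xor(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def shared_key(pub: int, priv: int) -> bytes:
    return hashlib.sha256(pow(pub, priv, P).to_bytes(32, "big")).digest()

def dns_query(name: str) -> bytes:
    """Wire-format A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def qname_of(msg: bytes) -> str:
    labels, i = [], 12
    while msg[i]:
        labels.append(msg[i + 1:i + 1 + msg[i]].decode())
        i += 1 + msg[i]
    return ".".join(labels)

class Target:  # the DNS resolver
    def __init__(self):
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub, self.log = pow(G, self.priv, P), []
    def handle(self, peer_ip, eph_pub, ct):
        query = keystream_xor(shared_key(eph_pub, self.priv), ct)
        self.log.append((peer_ip, qname_of(query)))   # sees the name, not the client

class Proxy:
    def __init__(self, ip, target):
        self.ip, self.target, self.log = ip, target, []
    def forward(self, client_ip, eph_pub, ct):
        self.log.append((client_ip, ct))               # sees the client, not the name
        self.target.handle(self.ip, eph_pub, ct)

def client_lookup(client_ip, name, proxy, target_pub):
    eph = secrets.randbelow(P - 2) + 1                 # fresh key for every query
    ct = keystream_xor(shared_key(target_pub, eph), dns_query(name))
    proxy.forward(client_ip, pow(G, eph, P), ct)

def demo():
    target = Target()
    proxy = Proxy("198.51.100.7", target)              # constructed addresses
    client_lookup("203.0.113.5", "example.com", proxy, target.pub)
    return proxy.log, target.log
```

If a single organization held both logs, matching entries by arrival order would reconnect the client address to the name, which is why the proxy and the resolver need separate operators.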

Two steps you can take in the meantime are to use a DNS server that is not run by your ISP, or to use a trustworthy VPN. You can make free use of Cloudflare’s 1.1.1.1 (and 1.0.0.1 backup) service, or Google’s 8.8.8.8 (and 8.8.4.4 backup).

On iOS devices, go to Settings > Wi-Fi and then tap the blue “i” icon next to your Wi-Fi network. Scroll down to Configure DNS, select Manual then tap Add Server to add the ones you want, before deleting the old ones.

On Macs, go to the Apple menu > System Preferences > Network. Then click on either Wi-Fi or your Ethernet adapter, or each in turn. Click the Advanced button, then the DNS tab. Hit the + symbol to add the servers you want to use and delete any you don’t.


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

