Cloudflare Launches 1.1.1.1 Consumer DNS With A Focus On Privacy

I didn’t post this yesterday as it was April Fools Day and I didn’t want people to think this was a joke.

With that out of the way: Cloudflare, a company that focuses on protecting enterprises from things like DDoS attacks, has launched its 1.1.1.1 DNS service, which is its first consumer product. Here’s why you should care:

DNS itself is a 35-year-old protocol and it’s showing its age. It was never designed with privacy or security in mind. In our conversations with browser, operating system, app, and router manufacturers nearly everyone lamented that, even with a privacy-first service like 1.1.1.1, DNS inherently is unencrypted so it leaks data to anyone who’s monitoring your network connection. While that’s harder to monitor for someone like your ISP than if they run the DNS resolver themselves, it’s still not secure.

What’s needed is a move to a new, modern protocol. There are a couple of different approaches. One is DNS-over-TLS. That takes the existing DNS protocol and adds transport layer encryption. Another is DNS-over-HTTPS. It includes security but also all the modern enhancements like supporting other transport layers (e.g., QUIC) and new technologies like server HTTP/2 Server Push. Both DNS-over-TLS and DNS-over-HTTPS are open standards. And, at launch, we’ve ensured 1.1.1.1 supports both.

We think DNS-over-HTTPS is particularly promising — fast, easier to parse, and encrypted. To date, Google was the only scale provider supporting DNS-over-HTTPS. For obvious reasons, however, non-Chrome browsers and non-Android operating systems have been reluctant to build a service that sends data to a competitor. We’re hoping that with an independent DNS-over-HTTPS service now available, we’ll see more experiments from browsers, operating systems, routers, and apps to support the protocol.
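To make the difference between the transports concrete, here is an added example (not from Cloudflare or the original post) that builds one DNS query and shows what a passive observer reads from the plaintext form, then how the same bytes are carried by DNS-over-TLS and DNS-over-HTTPS. It assumes the DoT framing from RFC 7858 and the DoH GET encoding from RFC 8484; the `/dns-query` path and the `example.com` name are sample values chosen for illustration.

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    """Encode a DNS query (RFC 1035 wire format) for `name`; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def observer_sees_name(payload):
    """What anyone on the path recovers from a plaintext UDP/53 payload: the queried name."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while payload[pos]:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def dot_frame(query):
    """DNS-over-TLS: same message with a 2-byte length prefix, written into a TLS session (port 853)."""
    return struct.pack("!H", len(query)) + query

def doh_get_path(query, path="/dns-query"):
    """DNS-over-HTTPS GET form: the message as unpadded base64url in the `dns` parameter."""
    return path + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")

def doh_decode(url_path):
    """Resolver side: recover the wire-format message from the `dns` parameter."""
    b64 = url_path.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample name
    print("plaintext UDP payload:", q.hex())
    print("observer recovers:    ", observer_sees_name(q))
    print("DoT record (pre-TLS): ", dot_frame(q).hex())
    print("DoH request path:     ", doh_get_path(q))
```

With DoT and DoH the query bytes are the same as in the plaintext case; the privacy gain comes entirely from the TLS layer they travel inside, so the resolver itself still sees every name.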

The fact that Cloudflare assures that your browsing habits will be kept private is important. ISPs, among others, desperately want to take your browsing data and make money off of it any way they can. Thus, if you factor in the repeal of net neutrality in the US, this is a perfect time for a service like this to launch. If you visit https://1.1.1.1/ you can get set up with this promising new DNS service. I’ll be trying it out and writing a follow-up on this in the coming days.
