
This new privacy tool would speed up your internet, too

It's no joke how much data your internet service provider can collect about you. A new service from Cloudflare aims to change that.

Laura Hautala Former Senior Writer

Cloudflare's 1.1.1.1 is a DNS resolver that's designed to speed up your internet and keep your browsing history private.


These days, you may wish you had a magic switch you could flip to keep your data more secure.

The misuse of Facebook user data by Cambridge Analytica is only the latest consumer privacy flap to create outrage. Remember the Equifax hack? That affected more than 230 million people. And in 2017, US lawmakers reversed Obama-era rules that forbade your internet service provider from making money off your web-browsing history.

Suddenly internet users are realizing that their internet service providers have been amassing huge troves of data on all the websites they visit. People aren't happy about that, and it seems there's nothing we can do about it.

So a magic switch would be nice. And that's essentially what website performance and security giant Cloudflare set out to create, starting with its new tool called 1.1.1.1. Announced Sunday, 1.1.1.1 aims to speed up your internet connection and make it harder for your ISP to collect your browsing history. In combination with a potential change in the way your browser works, the tool could eventually stop your ISP from accessing that information altogether. That's big news at a time when consumers are demanding more control of their data.

That other key change needed to make your data private is called DNS over HTTPS, a proposed standard being shepherded by the Internet Engineering Task Force that would hide information about your web browsing activity under a shroud of encryption. It's not built into the systems you use to go online yet, but Cloudflare is hoping that will change soon.

With 1.1.1.1, internet users can let Cloudflare take over the process of resolving requests to the DNS or Domain Name System. That's the crucial process of matching up a URL -- like facebook.com -- with a website's true location on the internet, called an IP address (for Facebook, that's 157.240.18.35).


Usually your internet service provider takes care of DNS for you. This also happens to be a great way to log every website you visit. Taking that out of your ISP's hands, then, makes it harder for the company to collect your browsing history.

"What many Internet users don't realize is that even if you're visiting a website that is encrypted -- has the little green lock in your browser -- that doesn't keep your DNS resolver from knowing the identity of all the sites you visit," wrote Cloudflare CEO Matthew Prince in a blog post Sunday.

That's what Cloudflare's pitching with its new service, which is free and can be used by changing the settings in your web browsers or operating systems. You can use it on computers, routers and phones. If you type 1.1.1.1 into your web browser, you'll find a website that gives you instructions.

Swearing off data collection


But wait, if Cloudflare is directing your website queries, then can't it collect your browsing history for itself? Actually, they're not going to keep that data at all, Prince said.

"At no time will we record the list of where everyone is going online," Prince said. "That's creepy."

Cloudflare is working with third-party auditors at KPMG to examine their systems and guarantee they're not actually collecting your data. That privacy commitment, Prince said, is what separates Cloudflare's 1.1.1.1 from other DNS services that are free and open to the public.

Other services include OpenDNS (owned by Cisco) and open-source project TentaDNS. Google also provides a DNS resolver, called Google Public DNS. Google does limit the kinds of information it saves when you use its DNS service, but it keeps anonymized lists of all the web addresses users search for in permanent logs, along with other information. The company says it doesn't correlate web browsing activity with Google accounts.

Cloudflare's promise to keep your data private is impressive, said Heidi Shey, a privacy and security expert at business analyst firm Forrester. "It's a great thing that they're coming out of the gate and being up front about that," Shey said. Still, she added, "You're kind of taking what they're saying at face value."

The company will need to continue to be transparent, showing what the auditors find in their logs, for consumers to continue to trust the service, Shey said.

That might be especially important because of a coding flaw, dubbed Cloudbleed, that in 2017 afflicted websites using Cloudflare's products. That led to the potential exposure of usernames, passwords, messages and other important information. Cloudflare fixed the problem, and there aren't any indications that hackers used the flaw to steal anyone's information.

Taking it one step further

Prince acknowledges that 1.1.1.1 is no silver bullet. Internet service providers still have other tools for sniffing out which websites you visit. That's because some key information about your web-browsing habits is encoded into the bits and bytes that travel over the internet, and ISPs can intercept that information and read it.

Cloudflare is hoping to help solve that problem, too. It's promoting the implementation of DNS over HTTPS, which encrypts that data about your web browsing as it flows online.

It'll be up to the makers of web browsers, operating systems and devices to build in support for DNS over HTTPS. If that becomes standard practice, using a DNS service like 1.1.1.1 will cut off your internet service provider from your browsing history for good.

Mozilla is looking into making DNS over HTTPS a feature of its Firefox browser.

"Firefox is the most privacy-centric browser, and we are always looking for new technologies like DNS over HTTPS to ensure we're at the cutting edge of speed, privacy and making life online better," Selena Deckelmann, a senior director of engineering at Mozilla who focuses on Firefox, said in a statement.

What's the catch?

Lest you think this is an April Fools' joke too good to be true, Prince said there's something in it for Cloudflare, too. The company's main business is making its customers' websites run fast. While Cloudflare has an array of services to make this happen, Prince said, he realized that creating a free DNS service could speed things up on the user's end.

So if you use 1.1.1.1, there should be a combined effect when you visit the websites of Cloudflare customers. "It's going to be even faster," Prince said.

Oh, and why announce it on April Fools' Day? It's a bit of programming humor, Prince said. April 1 can also be written as 4/1. That's an awful lot like four ones, or... 1.1.1.1.

First published April 1 at 6 a.m. PT.
Update April 2 at 12:50 p.m. PT: To clarify how 1.1.1.1 would hide web browsing data in combination with the DNS over HTTPS protocol.
