Safari gets new encryption option for network privacy on iPhones, Macs
Apple's approach lets browsers and other apps, too, use encrypted DNS technology on the company's devices.
Stephen Shankland, principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Apple's Safari will take advantage later this year of new technology that protects an important type of network communication called DNS. It's part of a broader movement to build into internet technology like email and the web that initially sent sensitive data unprotected.
DNS, short for Domain Name System, looks up the numeric internet addresses needed to communicate with online sites we know by human-readable names like cnet.com or wikipedia.org. Loading a website, checking email and many other online activities perform many DNS lookups, but typically they're not protected with encryption.
add that protection with a standard called DOH, or "DNS over HTTPS."
is embracing the same technology but is enabling it with the operating system, not the browser. And Apple also is offering a related encryption approach called DOT, which uses DNS over TLS, the encryption standard underlying the HTTPS technology for website security.
Apple's endorsement of DOH and DOT is an important moment for encrypted DNS. It's hard to retrofit privacy protections to decades-old technologies like DNS that are deeply embedded in the internet, but the shift to encrypted DNS is now well underway. On Thursday, Mozilla also broadened its support with a partnership to let Comcast handle Firefox DOH queries in accordance with Mozilla privacy requirements.
Privacy is a top priority for many tech players right now, and a key part of that push is encryption technology that scrambles data so it's impenetrable to those without the digital keys to decode it. Apple Chief Executive is arguably the most vocal privacy proponent in the tech world, and in the opening speech at , software chief Craig Federighi said, "At Apple, we believe privacy is a fundamental human right."
Without encrypted DNS, "other devices on the network cannot only see what names you're looking up, but they can even interfere with the answers," said Tommy Pauly, an Apple internet technologies engineer, in one of the online presentations that replaced a real-world conference for this year's WWDC.
DOH and DOT also help when you're using a publicly available Wi-Fi network at a place like a hotel or airport, where "your internet usage could be tracked or blocked," he added.
With Apple's technique, you'll be able to download encrypted DNS support and add it to an or Mac. Once installed, the DNS setting can be modified through the & Network settings or MacOS System Preferences' Network section.
An increasing number of companies offer DNS services. Candidates for support on Apple hardware include companies like and Cloudflare. Comcast didn't comment for this story, but Cloudflare Chief Technology Officer John Graham Cumming said Apple's move is "fantastic."
He praised Apple for having an app approach that makes encrypted DNS easy to install, works well with companies that might need to control DNS for their own operations, and handles encrypted DNS problems that can crop up when using hotel, airport or coffee shop Wi-Fi. "Encrypted DNS is here to stay. We couldn't be happier," he said.
Apple's approach lets apps other than the browser use encrypted DNS. And it should sidestep some objections DOH critics have had about DOH settings -- for example, that enabling it by default could send people's browsing activity data to companies they know nothing about.