A new step on the DNS Privacy journey

Cloudflare and Apple have created a new internet protocol, called Oblivious DNS over HTTPS – ODoH for short – designed to keep DNS queries private. While DNS over HTTPS added encryption, those DNS resolvers still knew which websites you visited. This new protocol decouples DNS queries from the internet user. ODoH wraps encryption around the query and passes it through a proxy server. Because it’s encrypted, the proxy doesn’t see what’s inside, and the proxy in turn shields the user from the resolver.

Next steps – waiting until ODoH is built into browsers and operating systems.

Why do we care?

This is no silver bullet for privacy. A single tool won’t do it – and notably, an ISP would still route your traffic, so it could probably build a profile of you.

DNS over HTTPS is still not widespread either, so it’s fair to say this has a long way to go.  

That’s not a reason not to embrace it, as every step matters. ODoH is live with Cloudflare’s DNS service, but needs support in a browser or OS. Look for Firefox to likely be the first to move.

Source: TechCrunch