User privacy has long been a stated priority for Apple, one the company has placed above its own interests and those of others. Even so, few expected Cupertino to upend the Internet's current economic model by blocking cross-site tracking and letting users block cookies. In doing so it backed advertising companies into a corner, depriving them of their usual ways of tracking users, and other browser makers followed its lead. Cupertino, however, decided that was not enough and pushed its protective mechanisms further.
iOS 14 and macOS Big Sur will natively support the DNS-over-TLS and DNS-over-HTTPS protocols, Apple told developers at WWDC 2020. With them, Cupertino hopes to better protect users from interception of personal data sent from the browser or from apps installed from the App Store. Encrypted DNS is not yet the most widely used privacy tool, but developers of Internet-connected software are gradually starting to adopt it.
What is DNS-over-HTTPS?
In simple terms, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt the name-resolution queries a device sends to DNS servers. Without them, anyone on the path, an Internet provider for example, can intercept the traffic and read it, which is easy because classic DNS is transmitted in plaintext. The queries can then be read, analysed and passed on to third parties; many providers exploit this by selling the data to advertising companies, which use it to target ads. Encryption takes that ability away from them. One caveat worth keeping in mind: the encrypted resolver itself still sees every query, so the choice of resolver matters as much as the encryption.
iOS 14 and macOS Big Sur will offer two ways to encrypt DNS queries, explained Apple Internet technologies engineer Tommy Pauly.
- The first way is broader: write an app that configures the device to use a specific resolver that supports encrypted DNS. In that case every DNS query sent from the device is protected, system-wide.
- The second is narrower: developers add encrypted DNS directly to their own app. If they want the queries the app sends to be protected, they specify a resolver with encryption support in the connection settings, and all of the app's subsequent lookups go through it.
In addition, developers will be able to set rules for when encrypted DNS is used, for example only in certain situations, such as when the user is on a public Wi-Fi network where attackers can intercept and read traffic. And if a network operator blocks encrypted DNS, developers will be able to notify users that it cannot be used and recommend switching to cellular or refraining from sensitive actions.
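The per-app method above, as an added example written in Swift against Apple's Network framework (this is not Apple's sample code): the app attaches a privacy context to its connection parameters that requires encrypted name resolution and names a DoH resolver to use when the system has none configured. The resolver URL `https://doh.example/dns-query` and the addresses 192.0.2.53 and 2001:db8::53 are documentation placeholders, not a real service, and `EncryptedDNSClient` is a name chosen here.

```swift
import Foundation
import Network

/// Added example, not Apple's code: open a TLS connection whose hostname
/// lookup must go over DNS-over-HTTPS. Resolver URL and addresses are
/// placeholders (reserved documentation values), not a real resolver.
enum EncryptedDNSClient {
    /// Build NWParameters that refuse cleartext (port 53) resolution.
    static func makeParameters() -> NWParameters {
        let privacy = NWParameters.PrivacyContext(description: "Per-app encrypted DNS")

        // Resolver this app trusts; used when the system has no encrypted
        // resolver of its own. Listing serverAddresses lets the resolver's
        // own hostname be reached without a cleartext bootstrap lookup.
        let resolver: NWParameters.PrivacyContext.ResolverConfiguration = .https(
            URL(string: "https://doh.example/dns-query")!,   // placeholder
            serverAddresses: [
                .hostPort(host: "192.0.2.53", port: 443),     // placeholder
                .hostPort(host: "2001:db8::53", port: 443)    // placeholder
            ]
        )
        // `true`: fail the lookup rather than fall back to plaintext DNS.
        privacy.requireEncryptedNameResolution(true, fallbackResolver: resolver)

        let parameters = NWParameters.tls
        parameters.setPrivacyContext(privacy)
        return parameters
    }

    /// Connect to `host` on 443; every name lookup for this connection
    /// goes through the encrypted resolver configured above.
    static func connect(to host: String, queue: DispatchQueue = .main) -> NWConnection {
        let connection = NWConnection(host: NWEndpoint.Host(host), port: 443, using: makeParameters())
        connection.stateUpdateHandler = { state in
            switch state {
            case .ready:
                print("connected; \(host) was resolved over encrypted DNS")
            case .waiting(let error):
                // Reached when resolution cannot proceed, e.g. the network blocks
                // the encrypted resolver and cleartext fallback is forbidden.
                // This is the place to tell the user to switch networks.
                print("waiting, encrypted DNS may be blocked here: \(error)")
            case .failed(let error):
                print("connection failed: \(error)")
            default:
                break
            }
        }
        connection.start(queue: queue)
        return connection
    }
}

// Usage: let conn = EncryptedDNSClient.connect(to: "www.example.com")
```

Passing `true` to `requireEncryptedNameResolution` is the security-relevant choice: with `false` the system would silently fall back to plaintext DNS if the encrypted resolver were unreachable, which is exactly the downgrade a hostile network would try to provoke.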
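The system-wide method together with the situational rules described above, as an added Swift example using the NetworkExtension framework (not Apple's sample code): the app installs a DoH resolver for the whole device and restricts it to Wi-Fi with on-demand rules. This requires the `com.apple.developer.networking.networkextension` entitlement with the DNS settings capability, the resolver URL and addresses are placeholders, and `SystemEncryptedDNS` is a name chosen here.

```swift
import Foundation
import NetworkExtension

/// Added example, not Apple's code: install a device-wide DoH resolver that
/// is only active on Wi-Fi networks. Needs the NetworkExtension entitlement
/// with the "dns-settings" capability. Resolver values are placeholders.
enum SystemEncryptedDNS {
    static func install(completion: @escaping (Error?) -> Void) {
        let manager = NEDNSSettingsManager.shared()

        // Always load before modifying, otherwise the save overwrites
        // whatever configuration is already stored for this app.
        manager.loadFromPreferences { loadError in
            if let loadError = loadError {
                completion(loadError)
                return
            }

            // DoH resolver; the address list avoids a cleartext lookup
            // of the resolver's own hostname.
            let doh = NEDNSOverHTTPSSettings(servers: ["192.0.2.53", "2001:db8::53"]) // placeholders
            doh.serverURL = URL(string: "https://doh.example/dns-query")             // placeholder
            manager.dnsSettings = doh

            // On-demand rules are evaluated in order; the first match wins.
            // Encrypt on Wi-Fi (the untrusted-network case), leave cellular
            // to the carrier's resolver.
            let onWiFi = NEOnDemandRuleConnect()
            onWiFi.interfaceTypeMatch = .wiFi
            // onWiFi.ssidMatch = ["CafeGuest"]  // optionally limit to named networks

            let otherwise = NEOnDemandRuleDisconnect()
            otherwise.interfaceTypeMatch = .any

            manager.onDemandRules = [onWiFi, otherwise]

            manager.saveToPreferences { saveError in
                // Saving only registers the configuration; the user still has
                // to switch it on in Settings. manager.isEnabled reports that.
                completion(saveError)
            }
        }
    }
}

// Usage: SystemEncryptedDNS.install { error in print(error ?? "DNS settings saved") }
```

The disconnect rule at the end is deliberate: without an explicit fallthrough rule the configuration's behaviour on interfaces that match no rule is left to the system defaults, and making the "encrypt only on Wi-Fi" policy explicit keeps it reviewable.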
iOS traffic encryption
Besides encrypting DNS traffic, the new mechanisms can also improve performance. Studies have shown that in many cases DNS-over-HTTPS reduces response times. Although DoH adds encryption, which logically should cost time, in practice the opposite often holds because of how encrypted resolvers handle queries: they travel over a single persistent, multiplexed connection to the resolver rather than as separate UDP exchanges, so the number of round trips is kept to a minimum.
However, for all the usefulness of the upcoming feature, Apple is clearly walking on thin ice again. Network operators are very unhappy about encryption protocols that deny them access to user traffic. Over this, US providers even petitioned Congress to ban companies from using DNS-over-HTTPS, arguing that it could supposedly harm user security. Congress has not yet made a decision, but given Americans' appetite for surveillance, even of their own citizens, there is a chance it will not go in Apple's favour.