Facebook and Google have done a great job of raising concerns over online privacy, regardless of whether or not they meant to. Cloudflare decided to do something about that by setting up a new DNS service focusing on privacy first, and it’s also fast.
DNS, or Domain Name System, is the system of servers that converts human-friendly names like macobserver.com into the numeric addresses our computers understand. Since privacy wasn’t a concern when the internet came to life, the websites you visit can be tracked and logged by whoever runs the DNS servers you use.
Let’s say you sign up for broadband with Comcast and use the default DNS servers they provide you. That lets Comcast keep track of all the websites you visit. Feel free to replace “Comcast” with the name of your ISP.
Cloudflare describes the problem with DNS, saying:
“The problem is that these DNS services are often slow and not privacy respecting. What many Internet users don’t realize is that even if you’re visiting a website that is encrypted — has the little green lock in your browser — that doesn’t keep your DNS resolver from knowing the identity of all the sites you visit. That means, by default, your ISP, every wifi network you’ve connected to, and your mobile network provider have a list of every site you’ve visited while using them.”
There’s also the possibility that specific DNS servers could block or reroute your activity, essentially censoring your internet experience.
Cloudflare’s solution was to set up a new DNS server that doesn’t track your activity, doesn’t block sites or reroute you to sites you didn’t request, and is fast. To use their DNS servers you’ll need these two addresses:
1.1.1.1
1.0.0.1
To change the DNS server entries on your Mac, go to System Preferences > Network, select your network connection, click Advanced, then select the DNS tab. From there, click the Plus below the DNS Servers list to add Cloudflare’s addresses, then click OK to finish the setup.
You can add the DNS servers on your iPhone and iPad, too. Andrew Orr wrote a great tip that walks you through the process.
Cloudflare isn’t the first company to offer alternate DNS servers. OpenDNS and DNS Watch, for example, both offer what they say are faster services while freeing you from your ISP tracking the sites you visit. Cloudflare, however, says its service outperforms Google’s DNS, is openly committed to not tracking your activity, and supports DNS-over-HTTPS.
That DNS-over-HTTPS support has the potential to be big for end users. Once Web browsers add support for the feature, the DNS lookups behind your in-browser activity will always be encrypted, which goes a long way toward ensuring your privacy.
DNS requests are still readable (non-encrypted) unless you turn on DNS over HTTPS, which is not currently available in Safari but may be included in Firefox in the near future.