
1895 points _l4jh | 2 comments
ajross ◴[] No.16727942[source]
This is the Cloudflare resolver, right? What's the "privacy-first" part about? It's just another third party DNS host. They haven't changed the protocol to be uninspectable and AFAIK haven't made any guarantees about logging or whatnot that would enhance privacy vs. using whatever you are now. This just means you're trusting Cloudflare instead of Comcast or Google or whoever.
vimda ◴[] No.16727965[source]
Did you read the page? They're supporting DNS over TLS and DNS over HTTPS - both changes to the protocol to make it uninspectable. They've also said they're not logging IP info and they're getting independent auditors in to confirm what they're saying. Sounds trustworthy to me.
dingaling ◴[] No.16728018[source]
Both encrypted extensions are of course inspectable at the end-point, which is the privacy model being discussed.

What is intriguing to me is why Cloudflare are offering this. Perhaps it is to provide data on traffic that is 'invisible' to them, as in it doesn't currently touch their networks. Possibly as a sales-lead generator.

Or is the plan to become dominant and then use DNS blackholing to shut down malware that is a threat to their systems?

1. vimda ◴[] No.16728038[source]
I'm probably being naive, but maybe altruism? At least if you buy into their "making the internet better" rhetoric.
2. wtmt ◴[] No.16728412[source]
Cloudflare is already a significant enough player in handling Internet traffic. Maybe the company does want to do good for the sake of doing good, but I’m wary of companies taking over in this manner and making the Internet more like a monolith than a distributed system.