Despite the timing, Cloudflare CEO Matthew Prince would like to emphasize that his company’s latest announcement is not an April Fool’s joke.
The security services company is rolling out a new DNS resolver Sunday that it hopes will make the internet faster and more secure. The service, called 1.1.1.1 (four ones, or April 1), allows PC and mobile users to use a custom DNS setting that Cloudflare says is more secure than the default one issued by your ISP. That default setting allows ISPs to assemble a profile of your browsing history that marketers find very intriguing.
“DNS is the foundation of almost everything you do on the internet,” Prince said in an interview with GeekWire. “If we could make that faster, that’s just a cool engineering challenge.”
DNS is the system that translates text domains, like geekwire.com, into the series of numbers that actually marks that site’s location on the internet. There are a few different parts to it: DNS resolvers (or recursive DNS servers) are the phone books of the internet, servers that take the requests sent from your computer for a given website and connect you to that site. In this analogy, the other part, authoritative DNS servers, are the telephone operators that tell DNS resolvers where the site actually is.
If you configure your phone or computer to use 1.1.1.1 as the DNS resolver, that device will use Cloudflare’s network to find your destination. Most people use the default DNS resolver provided by their internet service provider, which allows that ISP to see which sites you’ve visited (but not the content of those sites) and in some cases, assemble a profile of your browsing habits that can be sold to marketers.
There are a lot of alternative DNS providers; Google’s 8.8.8.8 service is probably the most widely used one, and there are lots of others that let you get online without telling your ISP where you’ve been. The impulse to avoid ad tracking is one thing, but in a lot of countries ISPs are state-owned companies that use DNS information to track dissidents and take sites they don’t like offline; in 2014 dissidents in Turkey actually used Google’s service to get around a government ban on Twitter until the DNS service was also blocked.
Cloudflare is promising 1.1.1.1 users that it won’t log any IP addresses that use its service, and any information it does track (such as the number of requests from a given region, or requests that appear to come from botnets) will be deleted from its servers 24 hours after it was collected, Prince said.
“Our business never has been, and never will be, selling user data,” he said.
And even if you’re not paranoid about your online habits, 1.1.1.1 promises a faster internet experience by using Cloudflare’s network instead of your ISP’s, Prince said. Cloudflare operates a network of servers around the world that are used by its customers to absorb the flood of traffic associated with distributed denial-of-service attacks, and it has started to open up that network for some interesting other uses.
In tests against Cisco’s OpenDNS service, one of the leading alternative DNS providers, 1.1.1.1 was at least 30 percent faster, and it has half the latency of your average ISP, he said.
Prince hopes services such as 1.1.1.1 help spur adoption of encrypted DNS resolvers, which are currently being debated as a standard by the Internet Engineering Task Force (IETF). “We have an opportunity to rebuild the 1983-era DNS protocol, and do it with encryption built in,” he said.
It seems pretty likely that only a small subset of internet users will actually change the default settings on their devices; Prince said Cloudflare’s internal goals for 1.1.1.1 usage are in the low single-digit millions. Still, if services like 1.1.1.1 are included in browsers and home routers, eventually more and more people might come to understand the benefits of using something other than the default service, he said.
If you’re interested in using 1.1.1.1, set-up instructions can be found here.