Cloudflare rolls out its 1.1.1.1 privacy service to iOS, Android
Months after announcing its privacy-focused DNS service, Cloudflare is bringing 1.1.1.1 to mobile users.
Granted, nothing ever stopped anyone from using 1.1.1.1 on their phones or tablets already. But now the app, now available for iPhones, iPads and Android devices, aims to make it easier for anyone to use its free consumer DNS service.
The app is a one-button push to switch on and off again. That's it.
Cloudflare rolled out 1.1.1.1 earlier this year on April Fools' Day, no less, but privacy is no joke to the San Francisco-based networking giant. In using the service, you let Cloudflare handle all of your DNS information, like when an app on your phone tries to connect to the internet, or you type in the web address of any site. By funneling that DNS data through 1.1.1.1, it can make it more difficult for your internet provider to know which sites you're visiting, and also ensure that you can get to the site you want without having your connection censored or hijacked.
Apple and Google Play.
Also at Android Police and Fast Company.
Previously: Cloudflare Launches 1.1.1.1 Consumer DNS Service
Cloudflare's New DNS Attracting 'Gigabits Per Second' Of Rubbish
Related Stories
On April Fool's Day and Easter Sunday, Cloudflare launched a new "privacy-oriented" domain name system (DNS) service with two IP addresses: 1.1.1.1 and 1.0.0.1. These addresses were offered by the Asia-Pacific Network Information Centre (APNIC) in exchange for allowing APNIC to study the "garbage traffic" often sent to them. The service supports both DNS-over-TLS and DNS-over-HTTPS, and DNSPerf currently ranks 1.1.1.1 as the fastest consumer DNS resolver:
Cloudflare is launching its own consumer DNS service today, on April Fools' Day, that promises to speed up your internet connection and help keep it private. The service is using https://1.1.1.1, and it's not a joke but an actual DNS resolver that anyone can use. Cloudflare claims it will be "the Internet's fastest, privacy-first consumer DNS service." While OpenDNS and Google DNS both exist, Cloudflare is focusing heavily on the privacy aspect of its own DNS service with a promise to wipe all logs of DNS queries within 24 hours.
DNS services are typically provided by internet service providers to resolve a domain name like Google.com into a real IP address that routers and switches understand. It's an essential part of the internet, but DNS servers provided by ISPs are often slow and unreliable. ISPs or any Wi-Fi network you connect to can also use DNS servers to identify all sites that are visited, which presents privacy problems. DNS also played an important role in helping Turkish citizens avoid a Twitter ban.
Also at VentureBeat and Engadget.
Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Centre (APNIC).
The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy.
"We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post.
"We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."
(Score: 1, Interesting) by Anonymous Coward on Monday November 12 2018, @06:45AM (1 child)
How does hijacking my DNS help ensure my DNS isn't being hijacked?
(Score: 2) by coolgopher on Monday November 12 2018, @06:53AM
This one is opt-in.
If the app devs were particularly nice they'd make the 1.1.1.1 configurable (I'd be fine with that setting being hidden off somewhere "advanced"). That would make it a useful app.
(Score: 0) by Anonymous Coward on Monday November 12 2018, @06:49AM (7 children)
it can make it more difficult for your internet provider to know which sites you're visiting
So, let's give all that to Cloudflare for some reason?
You know, all these specious claims about "privacy" are bullshit, right? They have to answer to the authorities like everyone else. Whatever, you still have to take them at their word.
I hear the safest way to do DNS is to roll your own, on a pi or something.
(Score: 3, Informative) by Runaway1956 on Monday November 12 2018, @07:32AM (6 children)
That was my question. But TFA says they never write any query data to disk, and they wipe logs in 24 hours. So - either you believe them, or you don't. This is the same thing that makes PIA so attractive as a VPN provider. They don't log. In fact, they left Russia because Russia required their logs. They don't have logs, can't turn over any logs, so they can't comply with the law. So, the question here, is whether you believe Cloudfare or not.
(Score: 2) by MichaelDavidCrawford on Monday November 12 2018, @07:51AM (1 child)
I don't. That's why I always use DDG's Tor Hidden Service.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by Runaway1956 on Monday November 12 2018, @10:58AM
I am considering using this 1.1.1.1 for my home network. I want to research it a little first, but I'm considering it. The family won't consider changing their DNS servers, I have to do it on the router for them. If this is all that it claims to be, then the network will be a bit faster, and family members gain some security. As for techies and nerds who demand the bestest, maybe this isn't so very good. So, we're still down to "who do you trust" or "who can you trust". Research is in order, I do believe.
(Score: 2) by legont on Monday November 12 2018, @03:44PM (3 children)
Actually, it appears that Russia currently prohibits VPN's outright. NordVPN that I use still has servers over there though. I wonder how so (and how it is compared to PIA)
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 2) by Runaway1956 on Monday November 12 2018, @04:26PM (2 children)
https://www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-shit/ [deepdotweb.com]
I looked around a little bit - clicked several search links to see what I could see. Some links graded Nord pretty badly, but they seem to be people who don't know how to set up a VPN,and ran into difficulties. Most great pages about Nord seem to trace back to Nord. They even quote Nord advertisements, to "prove" how great Nord is. Shills are shills, everywhere you find them.
The link I provided above, indicates that Nord ranks among the top ten, right along with PIA. I can't explain why PIA dumped their Russian servers, but Nord kept them.
Hmmm - changing from "search the web" to "news" offers more relevant links:
https://nordvpn.com/blog/russia-service-update-in-light-of-new-surveillance-law/ [nordvpn.com] Nord seems to acknowledge that they are violating Russian law, by offering "double VPN".
https://www.techrepublic.com/article/russia-vpn-ban-what-tech-pros-and-business-travelers-need-to-know/ [techrepublic.com]
So, I dunno - I'm not finding anything definitive.
(Score: 3, Informative) by legont on Monday November 12 2018, @05:57PM (1 child)
I can share my own experience... NordVPN servers sometimes go stale probably because they don't have balance loader. On Linux a little script solves it, but I have to reconnect manually about twice per week on android. Other than that - assuming one knows what DNS is - works very well. I do use servers all over including Russia.
My biggest issue is that many mainstream services either discourage the use of NordVPN by slowing down or silently refuse to work claiming downtime and/or various errors. Among them are Citi, Chase, Amazon, Craiglist ... Life of suppressed peoples is probably getting harder because of it.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 1) by fustakrakich on Monday November 12 2018, @09:57PM
It seems that VPN has a problem if anybody knows you're using it, same for Tor. They have to be more transparent to the system, blend in better with the noise.
La politica e i criminali sono la stessa cosa..
(Score: 2) by MichaelDavidCrawford on Monday November 12 2018, @07:54AM (2 children)
$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=56 time=225.466 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=224.631 ms
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by mobydisk on Monday November 12 2018, @06:09PM
20-25ms for me, FYI.
(Score: 2) by deimtee on Monday November 12 2018, @06:55PM
bash-4.3$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=54 time=13.3 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=54 time=12.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=54 time=12.1 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=54 time=12.7 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=54 time=14.2 ms
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 12.110/13.010/14.223/0.723 ms
I dunno, is that good?
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by MostCynical on Monday November 12 2018, @08:03AM (5 children)
why do people need an app? Is it because the settings on "normal" android are too complex/hidden/locked that people can't change them?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Touché) by VeasMKII on Monday November 12 2018, @08:22AM (1 child)
You know the answer is yes.
(Score: 1, Touché) by Anonymous Coward on Monday November 12 2018, @06:58PM
He's just fucking with Betteridge.
(Score: 2) by Runaway1956 on Monday November 12 2018, @11:02AM (1 child)
Let us keep in mind that configuring Firefox is too complex/hidden/locked for most people. About:config scares them, so they download addons that promise to configure Firefox for them. Many, or even most, of those addons can be implemented by the user through about:cofig.
(Score: 0) by Anonymous Coward on Monday November 12 2018, @02:11PM
And the fear is very illogical, it's some random extension they should be afraid of. "requires permissions to track your every move till eternity..."
But such are people.
(Score: 2) by rigrig on Monday November 12 2018, @11:43PM
Yes.
The only way to manually change (only) the DNS server is from a rooted terminal.
You can switch Wifi connections from DHCP to static and tell it which DNS server to use, but that means you also need to configure a static IP, for every Wifi network, and it can't be done for your mobile connection.
This app doesn't simply change DNS settings: it's sets up a local "VPN" connection which redirects all DNS to 1.1.1.1 and passes through all other traffic.
(Which also means you can't use it in combination with a real VPN)
No one remembers the singer.
(Score: 1, Funny) by Anonymous Coward on Monday November 12 2018, @01:26PM (2 children)
soon we'll get a app that tells people what app to install ... oh wait.
(Score: 3, Interesting) by legont on Monday November 12 2018, @04:04PM (1 child)
Actually, a reputable app like this would be a great idea. Community driven. I am willing to pay for it.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 2) by takyon on Monday November 12 2018, @06:37PM
We'll call it Reddit: Social News, Trending Memes & Funny Videos [google.com].
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by corey on Wednesday November 14 2018, @08:21AM
DNS66 allows custom DNS servers. Works a treat, with add blocking too. Unrooted phone.
They say your ISP is less likely to track your web browsing this way. Crap, DNS is plaintext, Wireshark or tcpdump is all that's needed.
I just got DNSSEC and DNS via TLS going in Unbound on my Freebsd server. Works great. Mitigate the above due to TLS. Need to make sure you use a CA certificate though. Not a self signed one.