Your ISP can peep on your browsing, so Cloudflare is pulling down the shade

Cloudflare has introduced a new service called 1.1.1.1 that claims to be a faster, safer way to use the internet. In a week of headlines that include finding out nearly every Facebook account has been scraped without consent, the announcement felt timely. The internet grows more and more hostile with every new scandal and hack.

We had a conversation with the co-founder and COO at Cloudflare, Michelle Zatlyn, about why 1.1.1.1 was created, and why a safer internet is needed now more than ever.

In what ways are users currently unprotected on the internet?

Michelle Zatlyn: DNS is this underlying protocol that makes the internet work. It’s how consumers get online, but it isn’t inherently a protocol that had privacy baked-in from the beginning. When we created the internet forty years ago, it just wasn’t baked-in.

What that means is that if you’re buying internet access from most internet service providers — there are some exceptions such as Monkey Brains — but if you’re buying from Time Warner or Comcast or AT&T that have large market share across the United States, they can see what sites you’re going to. Even if you’re going over to a site over HTTPS, which is an encrypted site and a huge trend going on right now, they can see that they’re going to Cloudflare.com or YouTube or Facebook or any other site that people visit every day or every week. Your internet service provider can see the domain. They can’t see what you’re doing on it, but they can see where you’re going.

There was a law that got passed recently by the US Senate, that now internet service providers are allowed to sell that data. The assumption, or the hypothesis, is that internet service providers can now sell that data as another source for ad targeting. That’s what’s happening today. DNS is not secure. When you kind of think of that for a second, you say to yourself, “Do I really want Comcast, in my case, to know every site that I’m going to online?”

What is Cloudflare’s DNS service doing to prevent this from happening?

1.1.1.1 is a DNS resolver. So, if you’re a consumer, you can sign up for this. What Cloudflare is saying is that we will get all the IP logs within 24 hours. And, we’re holding ourselves accountable. We have now a third party — in this case we’re using KPMG, a very large, reputable auditing firm — who are going to come in and audit to make sure we are doing what we say we are doing.

No one else is doing that. No other DNS provider is committed to doing anything. It’s none of our business what you’re doing online. We do not make any money from selling data. We’re not in that business at all, so we’re fine getting rid of logs after 24 hours and we’re going to have a third party come in and audit, to make sure that the public knows we’re doing what we’re saying we’re going to do.

Again, DNS was never built with privacy in mind first. There’s this whole group called the Internet Engineering Task Force — smart technologists all around the world trying to solve this problem. The result is some new protocols that have been developed, such as DNS over HTTPS and DNS over TLS, and they help make DNS more secure. 1.1.1.1 also supports these new protocols so that as a consumer, you are getting the latest and most secure DNS available without having to do anything. Cloudflare has adopted the technology, and we’re basically making it simple to distribute around the world to help push these protocols that we really believe in forward.

In your announcement, you mentioned working with browser companies. In what ways did you work with them on this project?

There are several browser companies, and in this case we’ve worked with Mozilla, which really has done a lot of terrific work for giving privacy to consumers. Mozilla is an organization that has really pushed to give consumers the option of being privacy-first. Because they are a privacy-centric browser, we’re excited to be working with them to build 1.1.1.1 right into their browser because they love the DNS over HTTPS protocol.

cloudflare cofounder on an encrypted internet dns is not safe michelle zatlyn 2
Michelle Zatlyn

You can imagine it’s hard to get all our parents to adopt these technologies, even though they’re better. Mozilla said, “We want to help distribute this to all of our consumers that are using Mozilla.” They’ve been a terrific partner. They’ve been a huge reason why encryption has grown online through their “Let’s Encrypt” initiative — and now this. They loved the idea that we had a DNS resolver that was privacy-first, and so we worked together to bring that to all Mozilla users. It’s not live yet, but we’re working on it.

Are you hopeful about the future of a more encrypted internet? What does that future look like?

Sometimes I’m amazed at how well the internet works. The founders of the internet did an amazing job and they sometimes don’t get enough credit. It’s almost 40 years old. Having said that, the next generation of technology is saying, “How can we improve these things? If we could redo it, how would we do it?”

It’s none of our business what you’re doing online.

People have been working on these new initiatives — and it’s really these protocols like DNS over TLS or DNS over HTTPS. It’s just making DNS more secure inherently because it just wasn’t created this way. We are very optimistic about these new technologies; to see companies like us who are excited to distribute it to our folks who sign up for 1.1.1.1 — and to see Mozilla leaning in and saying, “We’re big supporters of this.”

The adoption isn’t going to happen overnight, but you’re going to see slow and steady adoption of these technologies. We’re optimistic for the future. These are good standards, and that’s going to help the next wave of internet innovation better.