Oblivious HTTP

Communication protocol
Purpose: Enable anonymous HTTP transactions
Introduction: January 2024; 1 year ago (2024-01)
OSI layer: Application layer
RFC(s): 9458

Oblivious HTTP (OHTTP) is an IETF network protocol intended to enable anonymous HTTP transactions over the Internet.[1] Its goal is to allow a user to send an HTTP request to a web server without allowing any single entity to see both the content of the request and the sender's IP address, since the IP address could be connected to the identity of the sender.[2] OHTTP is documented in RFC 9458, published in January 2024 by authors affiliated with Mozilla and Cloudflare.[3] The RFC says "Oblivious HTTP is simpler and less costly than more robust systems, like Prio or Tor, which can provide stronger guarantees at higher operational costs."[3]

Some technology companies and other online service providers have implemented OHTTP to improve Internet privacy for users, typically for specific use cases such as collecting software metrics from client devices, collecting user data for targeted advertising, or processing client requests for use of artificial intelligence services. The privacy protections in the OHTTP protocol rely on two separate entities handling different aspects of each client request, so service providers interested in deploying OHTTP generally partner with a different company. For example, Cloudflare and Fastly provide OHTTP relay services, and Apple, Google, Meta, and Mozilla partner with one or both relay services for their OHTTP implementations.

Mechanism

HTTP is the foundation of communication for the World Wide Web. By default, HTTP exposes a website user's IP address to the operator of the website, which may enable the operator to gather a profile of information about the user.[3] OHTTP is one of several protocols designed to protect the privacy of users making requests to web servers, using the principle of privacy partitioning (also called decoupling) to hide IP addresses.[4][5] OHTTP is designed for simple transactions, such as sending web analytics information, rather than general-purpose web browsing.[6][7] Most implementations of OHTTP involve an application, such as a mobile app, pre-configured to reach out to an OHTTP service for a particular type of transaction.[8]

Figure 1 from RFC 9458: Overview of Oblivious HTTP

OHTTP protects user privacy by combining message encryption and specially designed proxy servers. First, the client uses hybrid public key encryption (HPKE) to encapsulate the content of an HTTP request.[9] Then, the client sends the encrypted request to a relay, which can collect the client IP address but cannot decrypt the message.[3] The relay forwards the encrypted message to a gateway, which can decrypt the message but cannot find out the client IP address.[3] The gateway sends the decrypted request to a server for processing.[3] All traffic between the source, relay, gateway, and target server is sent over HTTPS to prevent third parties from analysing or intercepting the message contents.[10]

Since neither the relay nor gateway knows both the source IP address and the content of a request, the relay and gateway would need to collude to cross-correlate messages and de-anonymize them.[9] If either of the operators is trustworthy, privacy is preserved. However, if both operators collude, they can compromise the privacy guarantees of OHTTP.[9] The gateway and target server are typically operated by the same organization, while the relay is typically operated by a different organization to prevent collusion.[11] An analysis by NCC Group of an OHTTP implementation also noted that, to reduce risk of traffic analysis and other attacks, "Deployment of OHTTP requires careful management of key rotation, rate limiting, and tolerances against network delays."[12]
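The partitioning described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from the article, RFC 9458, or any OHTTP implementation. It assumes a toy symmetric keystream in place of HPKE (in real OHTTP the client holds only the gateway's public key), and the class names, IP addresses and request are constructed for illustration.

```python
import hashlib, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for HPKE (NOT real crypto): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encapsulate(gateway_key: bytes, request: bytes) -> bytes:
    """Client side: only the holder of gateway_key can recover the request."""
    nonce = os.urandom(16)
    return nonce + keystream_xor(gateway_key, nonce, request)

class Gateway:
    def __init__(self, key: bytes):
        self.key, self.log = key, []

    def handle(self, peer_ip: str, blob: bytes) -> bytes:
        request = keystream_xor(self.key, blob[:16], blob[16:])
        # The gateway sees plaintext, but its network peer is the relay.
        self.log.append({"peer_ip": peer_ip, "request": request,
                         "blob_sha256": hashlib.sha256(blob).hexdigest()})
        return request

class Relay:
    def __init__(self, ip: str, gateway: Gateway):
        self.ip, self.gateway, self.log = ip, gateway, []

    def forward(self, client_ip: str, blob: bytes) -> bytes:
        # The relay sees the client IP and an opaque blob it holds no key for.
        self.log.append({"client_ip": client_ip, "size": len(blob),
                         "blob_sha256": hashlib.sha256(blob).hexdigest()})
        return self.gateway.handle(self.ip, blob)

def joined_view(relay_log, gateway_log):
    """Collusion case: joining both logs on the blob links IP to content."""
    ip_by_blob = {e["blob_sha256"]: e["client_ip"] for e in relay_log}
    return [(ip_by_blob[e["blob_sha256"]], e["request"])
            for e in gateway_log if e["blob_sha256"] in ip_by_blob]

def run_demo():
    # Constructed sample values (documentation IP ranges, made-up request).
    gateway = Gateway(key=os.urandom(32))
    relay = Relay("203.0.113.10", gateway)
    request = b"POST /metrics HTTP/1.1\r\nHost: target.example\r\n\r\ncrash_count=3"
    relay.forward("198.51.100.7", encapsulate(gateway.key, request))
    return relay.log, gateway.log, request
```

Neither log alone pairs an IP address with request content; only `joined_view`, which needs both operators' records, does, which is why the relay and gateway are run by different organizations.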

Client applications configured to use OHTTP, such as applications designed to use OHTTP for certain API calls, do not need to try to find out whether OHTTP is available from a server.[8] In other cases, if a server operator wants to tell clients that a service supports OHTTP, RFC 9540 (February 2024) defines an optional DNS resource record parameter.[8] This mechanism enables a client to discover, after sending a DNS request, that they can send OHTTP requests, although the initial DNS request could expose the client's IP address to the server if not otherwise hidden.[8]

Deployments

Cloudflare released an OHTTP relay service in 2022, called Privacy Gateway.[13][9] Flo, an app for tracking menstrual cycles, uses Cloudflare's OHTTP service to offer an "Anonymous Mode" that enables entering data into Flo without providing personally identifying information.[14]

Google contracted with Fastly in 2023 to provide Google with an OHTTP relay to implement its experimental anonymous advertising technology.[15][16] Specifically, Google used OHTTP to help ensure k-anonymity for its Privacy Sandbox initiative.[17] Google also uses a Fastly OHTTP relay as part of its Google Safe Browsing service.[18][19] Google offers a Safe Browsing Oblivious HTTP Gateway API that enables client applications, such as web browsers, to check whether a URL is on Google's list of unsafe websites without revealing the requester's IP address to Google.[20]

In 2023, Mozilla started using Fastly's OHTTP relay service as part of collecting Firefox performance metrics without collecting identifying information about individual users.[21][22]

As of 2024, Apple uses OHTTP in its Private Cloud Compute platform to conceal IP addresses associated with requests to Apple Intelligence tools.[23] Apple published support for OHTTP for its Swift programming language in 2024.[24] Apple said in 2025 that its Enhanced Visual Search uses OHTTP as part of its anonymization strategy.[25][26]

The Internet Security Research Group includes an OHTTP gateway in Divvi Up, a service that enables subscribers to collect software metrics from user devices while collecting minimal identifying information about users.[11]

As of 2025, Meta Platforms uses OHTTP in its "Private Processing" functionality for Meta AI tools, including to enable WhatsApp users to request summarization of messages without exposing the requester's IP address to Meta.[27] This uses Fastly's OHTTP relay service.[12]

An IETF working group, Oblivious HTTP Application Intermediation (OHAI), is responsible for working on OHTTP standards and collaborating with groups that work on related protocols.[1]

The Oblivious DNS over HTTPS (ODoH) protocol enables making Domain Name System (DNS) requests using architectural principles similar to those of OHTTP (RFC 9230, June 2022).[10]

Some people use virtual private network (VPN) services to address privacy concerns, but this enables a single entity to see identifying information about the user and all of their activity that passes through the VPN.[4] Tor is a separate technology for protecting user privacy on the web by decoupling the sender from the receiver through at least three intermediate hops.[4]

MASQUE (Multiplexed Application Substrate over QUIC Encryption) is a different set of protocols for improving the privacy of users making web requests.[28] It can be used for web browsing.[7] For example, Apple's iCloud Private Relay service uses MASQUE.[29]

References

  1. "Oblivious HTTP Application Intermediation (ohai)". Internet Engineering Task Force (IETF) Datatracker. 2025-03-19. Retrieved 2025-09-20.
  2. Sengupta, Jayasree; Dey, Debasmita; Ferlin-Reiter, Simone; Ghosh, Nirnay; Bajpai, Vaibhav (2025-07-01). "How Resilient is QUIC to Security and Privacy Attacks?". arXiv:2401.06657 [cs.CR].
  3. Thomson, Martin; Wood, Christopher A. (January 2024). "RFC 9458: Oblivious HTTP". IETF. ISSN 2070-1721. Retrieved 18 August 2025.
  4. Schmitt, Paul; Iyengar, Jana; Wood, Christopher; Raghavan, Barath (2022-11-14). "The decoupling principle: A practical privacy framework". Proceedings of the 21st ACM Workshop on Hot Topics in Networks. HotNets '22. New York, NY, USA: Association for Computing Machinery. pp. 213–220. doi:10.1145/3563766.3564112. ISBN 978-1-4503-9899-2.
  5. Kühlewind, Mirja; Pauly, Tommy; Wood, Christopher A. (2024-07-31). "RFC 9614: Partitioning as an Architecture for Privacy". Internet Engineering Task Force (IETF) Datatracker. Retrieved 2025-09-20.
  6. Huston, Geoff (2023-03-23). "Hiding behind MASQUEs". APNIC Blog. Retrieved 2025-09-20.
  7. McFadden, Mark (2024-07-02). "The Rise of the Intermediaries". DNS Research Federation. Retrieved 2025-09-20.
  8. Pauly, Tommy; Reddy.K, Tirumaleswar (2024-02-21). "RFC 9540: Discovery of Oblivious Services via Service Binding Records". Internet Engineering Task Force.
  9. Wood, Christopher; Hoyland, Jonathan (2022-10-27). "Stronger than a promise: proving Oblivious HTTP privacy properties". Cloudflare. Retrieved 18 August 2025.
  10. "Oblivious HTTP (OHTTP) explained". Mozilla Support. January 2025. Retrieved 18 August 2025.
  11. Geoghegan, Tim (2024-07-25). "Oblivious HTTP now available on Divvi Up". Divvi Up. Internet Security Research Group. Retrieved 2025-09-20.
  12. "Security and Privacy Assessment: WhatsApp Message Summarization Service" (PDF). NCC Group. 2025-08-26. pp. 8, 12–14, 25–26. Retrieved 2025-09-20.
  13. Galicer, Mari; Wood, Christopher (2022-10-27). "Privacy Gateway: a privacy preserving proxy built on Internet standards". The Cloudflare Blog. Retrieved 2025-09-20.
  14. Wetsman, Nicole; Faife, Corin (2022-09-14). "Flo period tracker launches "Anonymous Mode" to fight abortion privacy concerns". The Verge. Retrieved 2025-09-20.
  15. "Fastly wins major Google deal ahead of cookie death". The Stack. 2023-03-15. Retrieved 2025-03-04.
  16. Kuhn, Simon (2023-03-15). "Enabling privacy on the Internet with Oblivious HTTP". Fastly. Retrieved 2025-08-19.
  17. Lee, Philip (2023-03-15). "Partnering with Fastly—Oblivious HTTP relay for FLEDGE's 𝑘-anonymity server". Chrome for Developers Blog. Retrieved 2025-09-20.
  18. Bawa, Jasika; Lu, Xinghui; Li, Jonathan; Wozniak, Alex (March 14, 2024). "Real-time, privacy-preserving URL protection". Google Online Security Blog. Retrieved 2025-08-19.
  19. Amadeo, Ron (2024-03-15). "Google says Chrome's new real-time URL scanner won't invade your privacy". Ars Technica. Retrieved 2025-08-19.
  20. "Safe Browsing Oblivious HTTP Gateway API". Google for Developers. 2024-09-18. Retrieved 2025-09-20.
  21. Holley, Bobby (October 12, 2023). "Built for privacy: Partnering to deploy Oblivious HTTP and Prio in Firefox". Mozilla Distilled. Retrieved 2025-08-19.
  22. Iyengar, Jana (2023-10-12). "Firefox and Fastly take another step toward a privacy upgrade for the internet". Fastly. Retrieved 2025-09-20.
  23. "Private Cloud Compute Security Guide: Request Flow". Apple Security Research. 2024. Archived from the original on 2025-06-06. Retrieved 2025-09-20.
  24. Benfield, Cory (2024-08-21). "Introducing Oblivious HTTP support in Swift". Swift. Apple. Retrieved 2025-08-19.
  25. "About Enhanced Visual Search in Photos". Apple Support. February 12, 2025. Retrieved 2025-03-04.
  26. Claburn, Thomas (2025-01-03). "Apple auto-opts everyone into having their photos analyzed by AI for landmarks". The Register. Retrieved 2025-09-21.
  27. "Building Private Processing for AI tools on WhatsApp". Engineering at Meta. 2025-04-29. Retrieved 2025-09-20.
  28. Schinazi, David (2025-07-07). "The MASQUE Proxy". Internet Engineering Task Force (IETF) Datatracker. Retrieved 2025-09-20.
  29. Nottingham, Mark (2022-12-30). "The state of HTTP in 2022". The Cloudflare Blog. Retrieved 2025-09-20.