Oblivious HTTP
Oblivious HTTP (OHTTP) is an IETF network protocol intended to allow anonymous HTTP transactions over the Internet without revealing source IP addresses.[1] OHTTP is documented in RFC 9458, published in January 2024. Within the standard itself, the working group describes OHTTP as "a simpler and less costly" alternative to "more robust systems" such as Prio[2] or Tor, and by comparison rates it as inferior at "providing a stronger guarantee of anonymity". Furthermore, the standard for the discovery mechanism of the mandatory connection configuration information (RFC 9540) also states that a client should use an anonymizing proxy while fetching it, which makes OHTTP entirely redundant.
Mechanism
OHTTP uses a combination of message encryption and a double-proxy-relay setup, where the first proxy relay can see the source, but cannot see the destination of the encrypted message, and the second proxy can decrypt the message to forward it on to the destination, but cannot see the original source. All traffic between the source, destination and both proxies is carried over the HTTPS protocol to prevent third parties from analysing or intercepting the message contents.[3]
Since neither relay, nor any third party, simultaneously knows both the source and destination address for a transaction, it would thus require the operators of both relays to collude in order to cross-correlate messages and recover the source address; if either one of the relay operators is trustworthy, privacy is preserved. However, if both relay operators collude, the security of OHTTP is compromised.[4]
The Oblivious DNS over HTTPS (ODoH) protocol uses OHTTP to carry DNS over HTTPS (DoH) traffic.[3]
However, a client first needs to fetch the gateway configuration file from the well-known path /.well-known/ohttp-gateway, which is "available on the same host as the Target Resource". This renders all of the additional security guarantees of OHTTP useless, as it exposes the same information to the same potential groups of attackers as unencrypted SNI headers in typical TLS connections would. One of the standards for discovery of these mandatory configuration parameters (RFC 9540) already points this out itself: "When clients fetch a gateway's configuration, they can expose their identity in the form of an IP address". Ironically, the stated solution to this problem is the same one that was already commonly used before OHTTP standardization: "connect via a proxy or some other IP-hiding mechanism".
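The gateway configuration fetched from /.well-known/ohttp-gateway is a binary list of HPKE key configurations that the client must validate before encrypting anything to the gateway. The Python code below is an added example, not part of the original article: it parses such a body offline, assuming the `application/ohttp-keys` layout of RFC 9458 and the HPKE identifiers of RFC 9180. The function names and the sample bytes are constructed for illustration.

```python
import struct

# HPKE identifiers from RFC 9180; KEM id -> public key length Npk in bytes
KEM_NPK = {0x0010: 65, 0x0011: 97, 0x0012: 133, 0x0020: 32, 0x0021: 56}
KDFS = {0x0001: "HKDF-SHA256", 0x0002: "HKDF-SHA384", 0x0003: "HKDF-SHA512"}
AEADS = {0x0001: "AES-128-GCM", 0x0002: "AES-256-GCM", 0x0003: "ChaCha20Poly1305"}

def parse_key_config(buf):
    """Parse one RFC 9458 key configuration; raise ValueError if malformed."""
    if len(buf) < 3:
        raise ValueError("truncated header")
    key_id, kem_id = struct.unpack_from("!BH", buf, 0)
    npk = KEM_NPK.get(kem_id)
    if npk is None:
        raise ValueError(f"unsupported KEM 0x{kem_id:04x}")
    off = 3 + npk
    if len(buf) < off + 2:
        raise ValueError("truncated public key")
    (sym_len,) = struct.unpack_from("!H", buf, off)
    off += 2
    if sym_len < 4 or sym_len % 4 or off + sym_len != len(buf):
        raise ValueError("bad symmetric algorithms length")
    suites = [struct.unpack_from("!HH", buf, off + i) for i in range(0, sym_len, 4)]
    usable = [(KDFS[k], AEADS[a]) for k, a in suites if k in KDFS and a in AEADS]
    if not usable:
        raise ValueError("no usable KDF/AEAD pair")
    return {"key_id": key_id, "kem_id": kem_id,
            "public_key": bytes(buf[3:3 + npk]), "suites": usable}

def parse_ohttp_keys(body):
    """Parse an application/ohttp-keys body: 2-byte length prefix per config."""
    configs, off = [], 0
    while off < len(body):
        n = int.from_bytes(body[off:off + 2], "big")
        off += 2
        if n == 0 or off + n > len(body):  # also catches a truncated prefix
            raise ValueError("bad config length")
        try:
            configs.append(parse_key_config(body[off:off + n]))
        except ValueError:  # design choice here: skip configs we cannot use
            pass
        off += n
    if not configs:
        raise ValueError("no usable key configuration")
    return configs

# Constructed sample: key id 1, X25519, placeholder key, two SHA-256 suites.
_cfg = b"\x01\x00\x20" + bytes(range(32)) + b"\x00\x08" + b"\x00\x01\x00\x01\x00\x01\x00\x03"
SAMPLE = struct.pack("!H", len(_cfg)) + _cfg
```

The length prefix is what lets a client step over a configuration with an unknown KEM and still use a later one, while a body whose declared lengths do not match its size is rejected outright.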
Deployment
Google contracted with Fastly in 2023 to provide Google with an OHTTP relay to implement its experimental anonymous advertising technology.[5] Cloudflare's Privacy Gateway is an OHTTP service.[6] Apple states that its Enhanced Visual Search uses OHTTP as part of its anonymization strategy.[7]
References
- "Oblivious HTTP (ohttp)". datatracker.ietf.org. Retrieved 2025-03-04.
- Corrigan-Gibbs, Henry; Boneh, Dan (2017-03-14). "Prio: Private, Robust, and Scalable Computation of Aggregate Statistics" (PDF). 14th USENIX symposium on networked systems design and implementation (NSDI 17) (eBook). online: USENIX Association (published 2017-03-27): 259–282. ISBN 978-1-931971-37-9. OCLC 1419202156. OL 59121964M. Archived (PDF) from the original on 2025-04-18.
- "Oblivious HTTP (OHTTP) explained". support.mozilla.org. January 2025.
- Wood, Christopher; Hoyland, Jonathan (2022-10-27). "Stronger than a promise: proving Oblivious HTTP privacy properties". Cloudflare.
- "Fastly wins major Google deal ahead of cookie death". The Stack. 2023-03-15. Retrieved 2025-03-04.
- "Stronger than a promise: proving Oblivious HTTP privacy properties". The Cloudflare Blog. Archived from the original on 2025-01-30. Retrieved 2025-03-04.
- "About Enhanced Visual Search in Photos - Apple Support (JO)". Apple Support. Retrieved 2025-03-04.