bert hubert <bert.hubert@powerdns.com>

Hi everyone,

I'm happy with the progress in -11 and hope we can see this in standardized
production soon!

One thing I would like to note though, but I'm not sure if it has a place in
the draft: the differential privacy aspects of DNS versus DNS over HTTPS.

DNS is encoded so tightly that there is almost no variation in queries
coming from stub resolvers.  Your esp8266, fridge, microwave and iPhone X
all send out bit for bit identical queries, and this is a wonderful thing.

HTTPS, however, can be highly identifiable.  Over the course of a week, over
4000 different agent strings visited https://ds9a.nl/ and
https://powerdns.org/, for example (and this is excluding bots). This allows
DoH servers to differentiate different devices in a household easily, since
most of them will have a unique string.

In addition, HTTP can carry further identifying headers like accepted
languages, HSTS settings (perhaps) or even cookies. 

It has also been observed that TLS session resumption data provides a way to
semi-persistently track individual TLS originators (but I don't know for how
long).

With all this, there is the clear risk that DoH as a privacy feature will at
first succeed in providing DNS operators with a more detailed insight into
per-device browsing habits, something they may not be shy to monetize.

I have discussed this on Twitter with various HTTP users and they opined
that since they were supplying these headers already anyhow the privacy
impact is minimal. After some discussion & dumping of headers, I think they
agreed it is not necessary to send out a user's language preferences with
a DNS request, nor the CPU, or the operating system or the exact browser
version.

As noted, I don't know if this has a place in the draft, but I'd recommend
DoH clients to:

* Set their Agent to 'DoH client', no matter what browser/library
* Do not pass non-essential HTTP headers (like language)
* Do not allow the DoH server to set cookies
* Ponder TLS session resumption data settings
* Think about all other ways in which HTTP can be tracked (HSTS?)

Thoughts?

	Bert
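As an added illustration (my own sketch, not part of Bert's mail and not
PowerDNS or any browser's DoH code), the following Python shows what a "quiet"
DoH request along the lines of the list above looks like on the wire: a
wire-format DNS query with ID 0 (RFC 8484 recommends ID 0 for DoH), a fixed
User-Agent of 'DoH client', no language/cookie/referer headers, plus an
audit function that flags a header set a DoH server could use to tell devices
apart.  The resolver name doh.example.net, the /dns-query path, and the
list of headers treated as non-essential are assumptions chosen for the
example, not anything a draft or deployment prescribes.

```python
"""Minimal DoH POST builder and header audit (added example, not PowerDNS code)."""
import struct
from typing import Dict, List, Tuple

# Assumed resolver endpoint for the example; any RFC 8484 path would do.
DOH_HOST = "doh.example.net"
DOH_PATH = "/dns-query"
DNS_MESSAGE = "application/dns-message"

# Headers with no DNS meaning that fingerprint or track the originator
# (the set is my own judgement for this example, not a standard list).
TRACKING_HEADERS = {
    "accept-language", "accept-charset", "cookie", "dnt", "referer",
    "origin", "x-requested-with", "cache-control", "pragma",
}

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MX": 15, "TXT": 16, "AAAA": 28}


def build_dns_query(name: str, qtype: str = "A") -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035 section 4).

    ID is 0 (as RFC 8484 recommends) so the same question from any device
    yields byte-identical messages.  RD=1, one question, no EDNS, class IN.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)


def minimal_doh_headers(body_len: int) -> Dict[str, str]:
    """The only headers a DoH POST needs: fixed UA, no language, no cookies."""
    return {
        "Host": DOH_HOST,
        "User-Agent": "DoH client",  # identical string whatever the platform
        "Accept": DNS_MESSAGE,
        "Content-Type": DNS_MESSAGE,
        "Content-Length": str(body_len),
        "Connection": "keep-alive",
    }


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return reasons a header set would let a DoH server tell devices apart."""
    problems = []
    lower = {k.lower(): v for k, v in headers.items()}
    for k in sorted(lower):
        if k in TRACKING_HEADERS:
            problems.append(f"non-essential header {k}")
    ua = lower.get("user-agent", "")
    if ua != "DoH client":
        problems.append(f"identifying User-Agent {ua!r}")
    if lower.get("accept") != DNS_MESSAGE:
        problems.append("Accept should be exactly application/dns-message")
    return problems


def build_doh_post(name: str, qtype: str = "A") -> Tuple[bytes, bytes]:
    """Serialise an HTTP/1.1 POST for the query; returns (request, dns body)."""
    body = build_dns_query(name, qtype)
    lines = [f"POST {DOH_PATH} HTTP/1.1"]
    lines += [f"{k}: {v}" for k, v in minimal_doh_headers(len(body)).items()]
    head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    return head + body, body


def send_doh_post(name: str, qtype: str = "A") -> bytes:
    """Send the query over TLS with the stdlib; returns the DNS response bytes.

    Not run in the offline demo.  Note http.client adds 'Accept-Encoding:
    identity' unless you set that header yourself; everything else on the
    wire is exactly minimal_doh_headers().
    """
    import http.client
    body = build_dns_query(name, qtype)
    conn = http.client.HTTPSConnection(DOH_HOST, timeout=5)
    conn.request("POST", DOH_PATH, body=body, headers=minimal_doh_headers(len(body)))
    resp = conn.getresponse()
    if resp.status != 200 or resp.getheader("Content-Type") != DNS_MESSAGE:
        raise RuntimeError(f"unexpected response {resp.status}")
    return resp.read()


if __name__ == "__main__":
    req, _ = build_doh_post("powerdns.org", "AAAA")
    print(req.split(b"\r\n\r\n")[0].decode())
    # A constructed "chatty" browser-style header set for comparison.
    chatty = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0",
              "Accept": "*/*", "Accept-Language": "nl,en;q=0.8", "Cookie": "id=1"}
    print(audit_headers(chatty))
```

Running it prints the request head a DoH server would see from such a client,
then the list of complaints about the browser-style header set.  The audit is
the check worth wiring into a client's test suite: assert that the headers it
actually emits pass audit_headers() with an empty result, so a future library
upgrade cannot quietly start sending Accept-Language or a cookie jar again.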
