> > Do you have any statistics or any references that prove TU 2,3 tried > analyzing resolver traffics? > > No, I do not belong in TU 2/3 and I do not participate in any data > misuse project. However, the collected data is provably valuable for > some people (otherwise services like following wouldn't exist), if the > data is valuable, then there's someone who desires it (be it a for a > good or bad cause). This is "I don't know my neighbours, let's not lock > the front door", regardless of whether you believe it or not.
This is completely a different case and your example is unrelated. You're not locking the door. You are only pointing something to somewhere else. > > The problem is that you might hide first resolver source of traffic > behind several intermediate nodes, but you clearly did not hide the > real end user traffic. > > OK, as I've said, this does not prevent MITM sniffing on you > (confidentiality problem), it makes you more anyonymous to name servers > (anonymity problem). The problem is that you think that DNS carries something important and all the assumption here is based on that. Again TU needs CONTENT to know whether or not the website that you concern about is abusive. This is not by only checking DNS server traffic! Do you get a lot of information from a DNS server? DNS traffic analysis does not give much information to TU. He can also HAVE all those information by skipping all DNS traffic! He needs to crawl that website! The other thing is that, some percentage of loading those abusive web is the result of typos error on the URL or end user mistake. So, such report is not precise > > That's obviously uninteresting example. Say we have a newly registered > domains with abusive content, whois data a and map of resolver traffic > to those domains. The domain are quickly taken down, but the more you > observe, the more you know who/when/where is interested in those > domains and correlate it to other data. The name servers are > centralized source of information of such data and tell you where to > look for the other, possibly incriminating traffic. So again, by only changing the source of report TU can just have this information that people in X search abusive website a lot. Can you generalize this to all people in X country? Can you get any meaningful information from such report and conclude that people in x country are bad people because they like those kinds of website! Definitely NO. this is not based on facts. This is like choosing wrong samples for reports. So you only change x to y but not the conclusion of the report. The problem is that conclusion report is not valid so it doesn't matter whether you change the variables of the report. Best, Hosnieh _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
