On 29 August 2014 11:41, Hosnieh Rafiee <[email protected]> wrote:
>
>> > Do you have any statistics or any references that prove TU 2,3 tried
>> > analyzing resolver traffics?
>>
>> No, I do not belong in TU 2/3 and I do not participate in any data
>> misuse project. However, the collected data is provably valuable for
>> some people (otherwise services like following wouldn't exist), if the
>> data is valuable, then there's someone who desires it (be it a for a
>> good or bad cause). This is "I don't know my neighbours, let's not lock
>> the front door", regardless of whether you believe it or not.
>
> This is completely a different case and your example is unrelated. You're not
> locking the door. You are only pointing something to somewhere else.

Aha, sure. Please tell me more how my example of subject analyzing
resolver traffic doesn't answer your question about, well, people
analyzing resolver traffic. I admit my analogy was imperfect though,
the point is to give as few data as possible about yourself.

>
>> > The problem is that you might hide first resolver source of traffic
>> > behind several intermediate nodes, but you clearly did not hide the
>> > real end user traffic.
>>
>> OK, as I've said, this does not prevent MITM sniffing on you
>> (confidentiality problem), it makes you more anonymous to name servers
>> (anonymity problem).
>
> The problem is that you think that DNS carries something important and all
> the assumption here is based on that.
>
> Again TU needs CONTENT to know whether or not the website that you concern
> about is abusive. This is not by only checking DNS server traffic! Do you get
> a lot of information from a DNS server?
>
> DNS traffic analysis does not give much information to TU. He can also HAVE
> all those information by skipping all DNS traffic!
>
>
> He needs to crawl that website! The other thing is that, some percentage of
> loading those abusive web is the result of typos error on the URL or end user
> mistake. So, such report is not precise

Ok, you obviously don't believe DNS traffic needs privacy on the sole
basis, that there's a bigger fish in the pond. I have seen X-Files and
I choose to believe, let's leave it at that and move to the technical
side of things.

>
>>
>> That's obviously uninteresting example. Say we have a newly registered
>> domains with abusive content, whois data a and map of resolver traffic
>> to those domains. The domain are quickly taken down, but the more you
>> observe, the more you know who/when/where is interested in those
>> domains and correlate it to other data. The name servers are
>> centralized source of information of such data and tell you where to
>> look for the other, possibly incriminating traffic.
>
> So again, by only changing the source of report TU can just have this
> information that people in X search abusive website a lot. Can you generalize
> this to all people in X country? Can you get any meaningful information from
> such report and conclude that people in x country are bad people because they
> like those kinds of website!
>
> Definitely NO. This is not based on facts. This is like choosing wrong
> samples for reports.
> So you only change x to y but not the conclusion of the report. The problem
> is that conclusion report is not valid so it doesn't matter whether you
> change the variables of the report.
>
> Best,
> Hosnieh

How did "all people in X country" get to my example?
My IP address is for example public. Can you get any meaningful
information from the name server about my lookups? Sure. Can you
correlate my lookups to other people? Yup.

I reiterate the DNS traffic _isn't_ interesting for incriminating
evidence, but it can tell you at which servers to look for such
evidence. Because how can you tell which website to crawl? You can for
example traverse all newly registered domains, domains with an empty
whois, but you can observe a group of nodes interested in such
websites. If they have a good track record of looking up the address of
the abusive website each Friday night, there's a good chance that the
thing they'll be looking up the next time will be similar. Again, this
sort of information doesn't make them guilty, but potential suspects,
and I do not claim such thing.

Kind Regards,
Marek

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
