> On Apr 9, 2018, at 10:59 AM, Shumon Huque <shu...@gmail.com> wrote: > The ODNS server can still easily collude with recursive server operators to > unmask the clients though, so I'm not sure how much privacy we've really > gained. At some point, it may be reasonable to ask why aren't clients > funneling their queries through a real anonymity network instead, like Tor, > or better.
Because Tor has exactly the same problem, but the intelligence agencies already
have a ten-year head-start in setting up entry/exit nodes?
Still, I’m with Shumon on this… It seems like a reasonable thing to do, but it
only works as long as the entry and exit nodes are not affiliated… If it
provided any major privacy benefit, folks who wanted to deanonymize the traffic
would just pay what it cost to set up both entry and exit nodes, and you’ll be
right back in the jam that Tor is in. So, I’m happy to support it, but it’s a
layer of defense-in-depth, not a stand-alone solution.
-Bill
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
