On Mon, Apr 9, 2018 at 2:16 PM, Bill Woodcock <wo...@pch.net> wrote: > > > > On Apr 9, 2018, at 10:59 AM, Shumon Huque <shu...@gmail.com> wrote: > > The ODNS server can still easily collude with recursive server operators > to unmask the clients though, so I'm not sure how much privacy we've really > gained. At some point, it may be reasonable to ask why aren't clients > funneling their queries through a real anonymity network instead, like Tor, > or better. > > Because Tor has exactly the same problem, but the intelligence agencies > already have a ten-year head-start in setting up entry/exit nodes? >
Well, that's one of the reasons I said "Tor, or better" :-) There are more sophisticated anonymity networks, but they suffer from extracting increased performance and usability costs. But even considering just plain Tor, I think it's clear that the level of effort a surveillance adversary has to undertake to compromise DNS privacy is very significantly more than with ODNS. Shumon.
_______________________________________________ dns-privacy mailing list email@example.com https://www.ietf.org/mailman/listinfo/dns-privacy