On Mon, Apr 9, 2018 at 2:16 PM, Bill Woodcock <wo...@pch.net> wrote:

> > On Apr 9, 2018, at 10:59 AM, Shumon Huque <shu...@gmail.com> wrote:
> > The ODNS server can still easily collude with recursive server operators
> to unmask the clients though, so I'm not sure how much privacy we've really
> gained. At some point, it may be reasonable to ask why aren't clients
> funneling their queries through a real anonymity network instead, like Tor,
> or better.
> Because Tor has exactly the same problem, but the intelligence agencies
> already have a ten-year head-start in setting up entry/exit nodes?

Well, that's one of the reasons I said "Tor, or better" :-) There are more
sophisticated anonymity networks, but they suffer from extracting increased
performance and usability costs.

But even considering just plain Tor, I think it's clear that the level of
effort a surveillance adversary has to undertake to compromise DNS privacy
is very significantly more than with ODNS.

dns-privacy mailing list

Reply via email to