On Mon, Apr 9, 2018 at 2:16 PM, Bill Woodcock <wo...@pch.net> wrote:

>
>
> > On Apr 9, 2018, at 10:59 AM, Shumon Huque <shu...@gmail.com> wrote:
> > The ODNS server can still easily collude with recursive server operators
> to unmask the clients though, so I'm not sure how much privacy we've really
> gained. At some point, it may be reasonable to ask why aren't clients
> funneling their queries through a real anonymity network instead, like Tor,
> or better.
>
> Because Tor has exactly the same problem, but the intelligence agencies
> already have a ten-year head-start in setting up entry/exit nodes?
>

Well, that's one of the reasons I said "Tor, or better" :-) There are more
sophisticated anonymity networks, but they suffer from extracting increased
performance and usability costs.

But even considering just plain Tor, I think it's clear that the level of
effort a surveillance adversary has to undertake to compromise DNS privacy
is very significantly more than with ODNS.

Shumon.
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy

Reply via email to