Assessing the Privacy Benefits of Domain Name Encryption
share
As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak information about the domains they visit via their DNS queries and via the Server Name Indication (SNI) extension of TLS. Two proposals to ameliorate this issue are DNS over HTTPS/TLS (DoH/DoT) and Encrypted SNI (ESNI). In this paper we aim to assess the privacy benefits of these proposals by considering the relationship between hostnames and IP addresses, the latter of which are still exposed. We perform DNS queries from nine vantage points around the globe to characterize this relationship. We quantify the privacy gain due to ESNI for different hosting and CDN providers using two different metrics, the k-anonymity degree due to co-hosting and the dynamics of IP address changes. We find that 20 not gain any privacy benefit since they have a one-to-one mapping between their hostname and IP address. Our results show that 30 privacy benefit with a k value greater than 100, meaning that an adversary can correctly guess these domains with a probability less than 1 visitors will gain a high privacy level are far less popular, while visitors of popular sites will gain much less. Analyzing the dynamics of IP addresses of long-lived domains, we find that only 7.7 addresses on a daily basis. We conclude by discussing potential approaches for website owners and hosting/CDN providers for maximizing the privacy benefits of ESNI.
READ FULL TEXT