On 2020/07/07 10:27, Noel Butler via mailop wrote:
> On 07/07/2020 01:01, Johann Klasek via mailop wrote:
>
>> I have been told that DoH is set into place to solve the privacy
>> problem. On a small DNS workgroup meeting I saw a presentation on how
>> they statistically identify users by their DNS traffic, and could create
>> a profile with interests and affectations these users have. I think DNS
>> is not that anonymous one would expect.
>
> Don't you think there is more chance of a perfect picture of you being built
> from, ohh i dunno,
> long standing things like, netflow :)
>
> It will tell me a whole lot more about you than any DNS query could.

Straying a bit off-topic but, with traditional DNS, requests are often aggregated first with other devices in your house/company by a local forwarder or NAT, then again at your ISP with their other customers, before being passed on to other servers with whom you don't have a customer relationship. Looking at netflow data, it's at least aggregated with other devices behind the same NAT IP, and a lot of it is just "tcp 443 to cloudflare" or whatever, which tells a lot less than DNS query data. With DoH the query stream immediately goes to somewhere that often you don't have a customer relationship with, and is separated nicely per-application (not even per-device), so yes, a DNS provider very often does get a better picture of you than an ISP would have from netflow data.