Re: [Resolverless-dns] Paper on Resolver-less DNS

Erik Sy <sy@informatik.uni-hamburg.de> Mon, 19 August 2019 07:59 UTC

To: resolverless-dns@ietf.org
References: <20190818162401.069CB87313A@ary.qy>
From: Erik Sy <sy@informatik.uni-hamburg.de>
Openpgp: preference=signencrypt
Autocrypt: addr=sy@informatik.uni-hamburg.de; prefer-encrypt=mutual; keydata= mQINBFzVyS4BEADnUWBPWNK8CNxDj8QarMioEQsyEiLkpsln4zxw1cxhTnK+ZHd4wTOh1BZf GVmGZ7wdb/NLiQbENv44okX4mYgJjt32gbVg8ssfScfTEO9PVBgLi5SDtLAxLk8TjF7ETIkG NUWgAQm6Pw6EowjLjMJ4y3fahPcypqtfuO1cxF86pPYAsSG+9iuInpBQoZwuvZu3SLUMXB9l +Xwiy77wEpvPg49pNQhbFqlIZXAHTLyEIlrxG41xXbTt7P5kH333c1cRD//EeC2oEjZhgCBh B4ObFpgL4JxSo71MZFdSDOWfiwMq3kXOwJnPNq9xzcWEItVyLK30fXWt5uZ3YfUcZGpGXv1Y Kl4monIru9NFVSW35FlhHtpgUKdQBKJMeuc1ckZr00zRtd1tf/69rdnjJngR+5RJZE3ykDx4 bJ4P75nqeDUe8adc4S0GeExEgsjVl8QZpCgIrjicA4MQERJKaA3bmCWy5YfCqsZYfbFXrcmq sZopkMTI2X5ZsA3y+jjWlmfDo3Tdu9ddfF8BSB0nTbaPLnJCs878T8HE+Lx9y6QyHlfZ0BJx IuepITZInhbH2c/X5Ipw37+YjNCwzlCOozJDZ/tTj8suMpAKdt4qq3OR1PKyhlilUBiQcYDu 4HfGffihD91Bwxz89YsAtej6EvWLjSfF4fUucFMh9N4GSVQK/QARAQABtCZFcmlrIFN5IDxz eUBpbmZvcm1hdGlrLnVpbi1oYW1idXJnLmRlPokCVgQTAQoAQQIbAwUJB4YfgAULCQgHAwUV CgkICwUWAgMBAAIeAQIXgBYhBADP3q0kgaL0XCmyn7pmQSEb9ifsBQJc1dhqAhkBAAoJELpm QSEb9ifs580P9AiLD49H+bZhNwXZYAXD236D6mKBimXo7EnM8D+v6TXiBKweH35XkKjkHtfU nosHYybfQoV8Rjcdg4lZ8+E/N/7Jk0dcQ6N6gUY1YvMw+t5AiEXMZdz6tQEjwrU+FVlBMN7j WKDpumE4PjkKlxh4IPc9HCgmI0G3uq859nIBvHEpPyCc6z1++9zq+oqP8vUtFLqmuAhQJoOc JSyKv7FYnGhGRnGJGPwkdqwGfS6fZaavhKDXgBcvULXKF7gThZp6kAHG7QhEeNmwL4l/UTOA oAu1pwTfelMwkRWwXyZjgnSqY59ejD6lcFdxZ51O4qIfPmxViaORhNcguD9SvdGw6kdEGNIA az+bd8UfVltz2EkWb+KPbDi6bpa12Zr2Sz+8AakDRhEQ6gSLHicK1cyimhsf66i4SjlUMefX Gq2ImH2xJTMSZi2GN/0JtK/KaBfwArvxoNlWfp3aP97fmXeqNWZVJo2T0+Vvr3hKs00XhU/S 82sbVeFmAJMho5SL4GO+CYEYBQUuIUj131JBfgw3o/YB/WuTD+ELuM+VKP0loXPcgfE4UlEM Ik8yJmzKbRRXfwhCpvoc5T0GFtmQ9szMO9cnll+BiDK3qHNtfMsY09PgjCHnOzwhvYMf7H+3 g0dH3HyIY5Id1YPS88GANpqiG+K1d3vwr2dTER5ZUBuu+pq5Ag0EXNXJLgEQAKRNM1sPfiLC nEVME84YDsek0M+5svW6T1ggJL4dAgUdwYyujSrDdEujBr1AJaVHuJzMKLvqAIQqSvid0qVM zH32rx70LIkaLJE6iGbf/ckHHA1bpgzDRY9dcLj/J/B0F94BFx1oSavnP6uD1qRODnc4c9rZ s/GfmdnTxaC84MG26SWua2ckk81+ZP2qenXnebz1Krv0oRvObGW3QzAAjyg7Fdlb9UqRApmI FbM8xtTtNyls+ISruC8KbYTxv5wPegm817iLox9WpXkkJNbM6I/Nn887yvxsZghbiuoJaqJl OQqkm1wlMroQEIVIfZbe9+iSB7wc9KisxAOxsoFTfOeIwNfgH6HMvzNo+yffLnvjNO3v/Yzx utfP4FL00lVl53aTWj+Hq6Bym1EX+ZSSb+LhDW5MzXig4PYJKgZf2L+fr2SfDoiZMY6Nbirt DMAS2TpKaV4Jgc8576qkhwhG7o9GKPmNWV55lo+sFsGIXCsVB5zWjCq/FUJLg+dE+FR6aIR7 q2npur4rz9os69POEbTcIKn3vfbQ8ytaTuRfFGeTq2VjHXzi/qH49+i5sWLgvZug31f0dDhs PKDFdSTKrv2DFaKW9OsAbPoqqT3krqE0ho8iMbOaPqpEUn8z+cR7Ozuz3BE/ZedetOh/W8Kx K04rYuWGo4bZmf42QoKfWM6vABEBAAGJAjwEGAEKACYWIQQAz96tJIGi9Fwpsp+6ZkEhG/Yn 7AUCXNXJLgIbDAUJB4YfgAAKCRC6ZkEhG/Yn7HwtD/98u7M3mR5ktzk2aCkS7grO7PMbEFqS 0ycCOV+3P3u6gMy0conDgywA+niXVmzO4UsD2u7ncE8Y27Gc+nx0Q0MgmZ7Nju/rlLc/xisU Q++0MLhvwWQU6NRIO9hhaPK8gQzkvTtxRWxKljh7fDqlb9L02rCJ5jZ7zpRxGrRanQxkB7Z6 StY2AAaI6SMH6RDV45J2uVT+Fg5qenA3wqgxeY/V2avEFNHMwbs1v3pUmnPo5KTLvaMbMDaf PKu8akQezpO4CK3ugxV3tMQ43RFT4kdl1XQyaKEffLQUyoUyFHGJfq66+01t4cMu4/CEC7D+ S7pkOn7ANuwgilfINHVZ95Z1HOdadMYvt1Q37qmOaK34K6kHLbTglBIb2eBEp/OcUlOcrFEu 7yq1TU6QSvGA9QZVeAfttyA9YqEawB3j11uJm3xMknqS3SzTE0JxZNyz1Qri6OLnP3uVaXJj BCiiGZf6sgnCa7/JlYrrEIF3ukWQutUfG+1XVq85/gPYnmTlenp4PCIuQVJT+ldG3hPNS1un qX0iEGiV8XdwXy9Gg49QAhNOFn6llW17VP279NvEVa6eRAm5w4mp4L3FgpbFlKkCHZXzMx/7 wuYPd9pj+olW2uDid279lKsUGt0I7MVyad311Fd1WnQQrAuEw6ZduDNZMxnhRV4x0PxwnGEY Ye+WbA==
Reply-To: sy@informatik.uni-hamburg.de
Message-ID: <0b18b804-7ebb-bb57-917e-2a9ba5190b2b@informatik.uni-hamburg.de>
Date: Mon, 19 Aug 2019 09:58:54 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190818162401.069CB87313A@ary.qy>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090906030300030502080508"
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/yqyZ1rZVYtW2-U7_Gf9dY_48tVw>
Subject: Re: [Resolverless-dns] Paper on Resolver-less DNS
Precedence: list

On 8/18/19 18:24, John Levine wrote:
> In article <fe3af997-096d-82e8-b9c5-7e6c17558514@informatik.uni-hamburg.de> you write:
>> The privacy problem is that a significant share of DNS resolvers monitor
>> the users' online activities, aggregate these data in user profiles and
>> use these profiles within behavioral advertising or share these user
>> profiles with other parties. Here [1], you can find a comparative
>> analysis of public DNS resolver privacy policies substantiating my claims.
> I took a look at that paper, written by two grad students.  
I think the term grad student is not an appropriate description for a
professor at the American University in Washington, DC. From my
perspective, Samantha Bradshaw [1] and Laura DeNardis [2] have a good 
academic track record in the filed.
> If I were
> their advisor I would have handed it back to them and told them to
> talk to some people who understand the topic so they could fix the
> many painful factual errors.  They got the whole WHOIS GDPR fight
> backward, and made the rather large leap assuming that every word in,
> say, Google's generic privacy policy applies to queries to 8.8.8.8.

The authors describe this limitation in their paper. In detail, some
privacy policies are too generic and lack specific information about
what DNS query data was collected, used and stored. Nonetheless, the
authors concluded that the privacy policies of several DNS resolvers
allow using DNS queries to aggregate user data for advertising.

I'm not surprised by the authors' classification of Google's DNS
resolver. In my view, it is plausible that an advertising company
running a large number of DNS resolvers as a free service is using the
collected user data in the context of behavioral advertising.

> What does it mean to have an account with a DNS resolver?
> I'm not saying that there are no issues, but this paper is not a
> useful discussion of them.

I agree that an empirical measurement substantiating the use of prior
DNS queries within behavioral advertising is certainly a stronger
indication for the mentioned privacy issue than a description in the
privacy policy. However, I'm not aware of prior empirical research work
in that direction.

In total, resolver-less DNS does still send a possibly large number of
fallback DNS queries to the preconfigured DNS resolver. Following this,
the main argument to support resolver-less DNS is a faster connection
establishment on the web as it saves the delay caused by the traditional
DNS lookups. The described privacy enhancement via resolver-less DNS is
just a positive side-effect.

Erik

[1] https://scholar.google.de/citations?user=emHBI1MAAAAJ
[2] https://scholar.google.de/citations?user=PROAnvEAAAAJ

Attachment: smime.p7s

[Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ben Schwartz
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Joe Abley
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Hardie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS John R Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Orth
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Hardie
Re: [Resolverless-dns] Paper on Resolver-less DNS Fred Baker
Re: [Resolverless-dns] Paper on Resolver-less DNS Joe Abley
Re: [Resolverless-dns] Paper on Resolver-less DNS John R Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Orth
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Steffen Nurpmeso
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Hardie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Hardie
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Anne Bennett
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Steffen Nurpmeso
Re: [Resolverless-dns] Paper on Resolver-less DNS Ralf Weber
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Hardie
Re: [Resolverless-dns] Paper on Resolver-less DNS Anne Bennett
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Orth
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS John Levine
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ralf Weber
Re: [Resolverless-dns] Paper on Resolver-less DNS Vittorio Bertola
Re: [Resolverless-dns] Paper on Resolver-less DNS Anne Bennett
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ralf Weber
Re: [Resolverless-dns] Paper on Resolver-less DNS Vittorio Bertola
Re: [Resolverless-dns] Paper on Resolver-less DNS Vittorio Bertola
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Vittorio Bertola
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Vittorio Bertola
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Osterweil
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Osterweil
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Osterweil
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Ted Lemon
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Joe Abley
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Eric Osterweil
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Joe Abley
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Bob Harold
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Joe Abley
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Erik Sy
Re: [Resolverless-dns] Paper on Resolver-less DNS Viktor Dukhovni
Re: [Resolverless-dns] Paper on Resolver-less DNS Paul Vixie

Re: [Resolverless-dns] Paper on Resolver-less DNS

Attachment: smime.p7s