On 09/28/2016 11:35 AM, Philipp Winter wrote:
My colleagues and I published a (not yet peer-reviewed) research paper on how DNS affects Tor's anonymity. The key parts of our work are:
- We measure the DNS setup of exit relays over time, showing that at times Google got to see almost 40% of DNS requests coming out of Tor.
- We show how website fingerprinting attacks can be augmented with observed DNS requests, resulting in precise attacks for unpopular websites.
- Similar to the "Users Get Routed" work, we simulate the impact of our attack at Internet-scale using the TorPS simulator.
The PDF is available online: <https://nymity.ch/tor-dns/tor-dns.pdf>
Our project page has code, data, and replication instructions: <https://nymity.ch/tor-dns/> _______________________________________________
Excellent work, this is really neat! It reminds me a bit of https://www.cse.buffalo.edu/~mohaisen/doc/14-wpes.pdf, which describes the prevalence accidental .onion lookups on DNS root servers. The issue with 8.8.8.8 is significant. It's easy to point /etc/resolv.conf at Google's DNS because it just works, without realizing the implications. https://xkcd.com/1361/ -- Jesse