Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting
Hoang Nguyen Phong, Niaki Arian Akhavan, Phillipa Gill, Michalis Polychronakis
Abstract
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain–IP mappings unstable, and prevent straightforward IP-based browsing tracking.
Topics & Concepts
Computer scienceDomain nameEncryptionExploitRobustness (evolution)Ip addressDomain Name SystemComputer securityWorld Wide WebDomain (mathematical analysis)Software deploymentComputer networkThe InternetInternet privacyChemistryBiochemistryMathematicsOperating systemGeneMathematical analysisInternet Traffic Analysis and Secure E-votingSpam and Phishing DetectionNetwork Security and Intrusion Detection