DNS Over HTTPS: Not As Private As Some Think?

Long-time Slashdot reader UnderAttack writes:
DNS over HTTPS has been hailed as part of a "poor man's VPN". Its use of HTTPS to send DNS queries makes it much more difficult to detect and block the use of the protocol. But there are some kinks in the armor. Current clients, and most current DoH services, do not implement the optional padding option, which is necessary to obscure the length of the requested hostname. The length of the hostname can also be used to restrict which site a user may have access [to]. The Internet Storm Center is offering some data to show how this can be done. Their article is by Johannes B. Ullrich, Ph.D. and Dean of Research at the SANS Technology Institute. It notes that Firefox "seems to be the most solid DoH implementation. Firefox DoH queries look like any other Firefox HTTP2 connection except for the packet size I observed." And an open Firefox bug already notes that "With the availability of encrypted DNS transports in Firefox traffic analysis mitigations like padding are becoming relevant."
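The leak described above comes down to arithmetic on the DNS message: an unpadded query is a fixed 12-byte header plus the encoded name plus 4 bytes of QTYPE/QCLASS, so its length gives the hostname length directly, and a watchlist can be narrowed to the candidates of that length. The following is an added example, not code from the ISC article or the Slashdot post: it hand-builds DNS queries in RFC 1035 wire format, recovers the hostname length from an unpadded query, filters a constructed watchlist by that length, and then shows how an EDNS(0) Padding option (option code 12, RFC 7830) padded to the 128-byte block size recommended by RFC 8467 collapses all of those queries to one size. The helper names and the watchlist are assumptions made for the example.

```python
import struct
from typing import Iterable, List, Optional, Set

# Constants for this example (hypothetical names; values are from the RFCs).
EDNS_PADDING_OPTION = 12   # RFC 7830 Padding option code
QUERY_PAD_BLOCK = 128      # RFC 8467 recommended block size for queries
OPT_RR_OVERHEAD = 11       # root name (1) + TYPE/CLASS/TTL/RDLENGTH (2+2+4+2)
OPTION_HEADER = 4          # option code (2) + option length (2)


def encode_name(hostname: str) -> bytes:
    """Encode a hostname as DNS labels: a length byte before each label, then a zero byte."""
    out = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(hostname: str, qtype: int = 1, txid: int = 0x1234,
                padding_block: Optional[int] = None) -> bytes:
    """Build a DNS query; with padding_block set, append an OPT RR whose Padding
    option rounds the whole message up to a multiple of padding_block bytes."""
    arcount = 1 if padding_block else 0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(hostname) + struct.pack(">HH", qtype, 1)  # class IN
    msg = header + question
    if padding_block is None:
        return msg
    base_len = len(msg) + OPT_RR_OVERHEAD + OPTION_HEADER
    pad_len = (-base_len) % padding_block
    option = struct.pack(">HH", EDNS_PADDING_OPTION, pad_len) + b"\x00" * pad_len
    # OPT RR: NAME=root, TYPE=41, CLASS=UDP payload size, TTL=0 (ext RCODE/version/flags)
    opt_rr = b"\x00" + struct.pack(">HHIH", 41, 4096, 0, len(option)) + option
    return msg + opt_rr


def unpadded_hostname_length(query_len: int) -> int:
    """Recover the hostname length from an unpadded query: the label encoding of a
    name without a trailing dot is exactly 2 bytes longer than the text form."""
    return query_len - 12 - 4 - 2


def candidates_matching(observed_len: int, watchlist: Iterable[str]) -> List[str]:
    """Watchlist entries whose unpadded query would have the observed length."""
    return [h for h in watchlist if len(build_query(h)) == observed_len]


def padded_lengths(hostnames: Iterable[str]) -> Set[int]:
    """Distinct on-the-wire sizes once every query is padded to QUERY_PAD_BLOCK."""
    return {len(build_query(h, padding_block=QUERY_PAD_BLOCK)) for h in hostnames}


if __name__ == "__main__":
    # Constructed watchlist for the demonstration.
    watchlist = ["example.com", "slashdot.org", "sans.edu",
                 "a-much-longer-hostname.example.org"]
    observed = len(build_query("example.com"))
    print("unpadded query bytes:", observed,
          "-> hostname length", unpadded_hostname_length(observed))
    print("watchlist candidates of that length:", candidates_matching(observed, watchlist))
    print("padded sizes across the watchlist:", padded_lengths(watchlist))
```

Over DoH the observer sees TLS records rather than raw DNS, so a real classifier first calibrates the client's fixed HTTP/2 and TLS overhead and then subtracts it; the per-hostname differences survive that overhead unchanged, which is why the unpadded case leaks. Padding does not hide the fact that a DNS query was sent, only which of the names that fit in the same block it was for, and responses need their own (larger, RFC 8467 suggests 468-byte) block size to get the same benefit.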

Source:
https://tech.slashdot.org/story/19/12/22/007216/dns-over-https-not-as-private-as-some-think?utm_source=rss1.0mainlinkanon&utm_medium=feed