Comment by blintz

3 years ago

This is a great idea, and we think it would be relatively practical assuming some aggressive caching. However, I couldn’t think of a threat model where this is useful, since presumably your ISP can in the end always see which sites you visit by simply reversing the IPs you connect to.

Do you think that people would want private DNS? I suppose it would still be an improvement over what we have today, but I’m not sure that it will make it meaningfully harder for ISPs to collect and sell data to advertisers.

On threat models, a malicious DNS server might also be one compromised by a party demanding wiretap access.

Regardless, a person today has a choice of which DNS server to use but they all could track the requests made. Tracking site visits via IP is a different link in that chain.

Would people pay? I don't know, but I could see it being a feature used to differentiate a VPN service from its competitors.

  • That's a good point, I could see this being a differentiating feature for a VPN provider. The only way to know if people would pay is for someone to offer it, I guess...

OCSP would be a good target in the similar space: https://en.m.wikipedia.org/wiki/Online_Certificate_Status_Pr...