[tor-bugs] #30753 [Applications/Tor Browser]: Think about using DNS over HTTPS for Tor Browser 9
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 4 13:33:36 UTC 2019
#30753: Think about using DNS over HTTPS for Tor Browser 9
------------------------------------------+----------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: ff68-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Right now we have DNS over HTTPS (DoH) not enabled in Tor Browser but we
should think about whether we should do that.
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ has
some good illustration about this feature
Some pros
- it cuts out some potential for messing with DNS queries
- it should help mitigating the DNS proxy leak threat inherent to using a
SOCKS proxy
- it might help with the attacks mentioned in "The Effect of DNS on Tor's
Anonymity" (https://nymity.ch/tor-dns/tor-dns.pdf)
...
Some cons
- it adds a central party seeing all Tor Browser users's DNS requests
(even though a lot of DNS queries (about 40%) go to Google already
according to the above mentioned paper that's not 100%)
- it might add latency
- First Party Isolation of the requests and the cache might need to get
added
...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30753>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list