[tor-bugs] #30753 [Applications/Tor Browser]: Think about using DNS over HTTPS for Tor Browser 9

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 4 13:33:36 UTC 2019


#30753: Think about using DNS over HTTPS for Tor Browser 9
------------------------------------------+----------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  task                      |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  ff68-esr
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Right now we do not have DNS over HTTPS (DoH) enabled in Tor Browser, but
 we should think about whether we should do that.
 https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ has
 some good illustrations of this feature.

 Some pros
 - it cuts out some potential for messing with DNS queries
 - it should help mitigate the DNS proxy leak threat inherent to using a
 SOCKS proxy
 - it might help with the attacks mentioned in "The Effect of DNS on Tor's
 Anonymity" (https://nymity.ch/tor-dns/tor-dns.pdf)
 ...

 Some cons
 - it adds a central party seeing all Tor Browser users' DNS requests
 (even though a lot of DNS queries (about 40%) go to Google already
 according to the above-mentioned paper, that's not 100%)
 - it might add latency
 - First Party Isolation of the requests and the cache might need to get
 added
 ...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30753>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

