
DNS lookups can reveal every web page you visit, says German boffin


Batu69


The fix is simple: turn your modem on and off again to get a new IP address. Or ask your ISP to assign them more often

Domain-name lookups only tell you site visits, not pages viewed, right? Wrong: the interaction between a user and the Domain Name System is more revealing than previously believed, according to a paper from German postdoc researcher Dominik Herrmann.

 

In work published at pre-print server Arxiv (in German – thank you, Google Translate), Herrmann writes that behavioural tracking using recursive name servers is a genuine privacy risk.

 

DNS – the infrastructure that converts, say, www.theregister.co.uk into the IP address 159.100.131.165 – does, of course, reveal which sites a user visits. However, as Herrmann writes, that is an association between the user's public-facing IP address and the requests they make. Since ISPs have to use dynamic IP addresses to cope with the IPv4 address shortage, a user's address changes, making it harder to track them over time.

 

However, Herrmann writes, someone with access to the infrastructure can easily watch a user's behaviour while they have one IP address, create a classifier for that user, and look for behaviour that matches that classifier when the IP address changes.

 

“Each user pursues his interests and preferences while surfing, and ... each user has a unique combination of interests and preferences,” the paper states.

Visits from one IP to Google followed by favourite newspapers, shopping sites, government services or transport are enough to identify a user when they pop up under a different IP, Herrmann reckons, and this “behavioural chaining” doesn't have to rely on tracking cookies.

 

To put this idea to the test, Herrmann ran a naive Bayes classifier over five months of anonymised DNS data from the University of Regensburg, covering thousands of users.

 

In a sample of 3,800 students over two months, behavioural chaining correctly identified 86 per cent of individuals from one IP address to the next; and when the experiment was run for 12,000 students the accuracy remained high, at 76 per cent.

Why worry?

Herrmann offers two observations about why this is more worrying than it may appear at first sight. While people will correctly point out that DNS resolves only as far as (for example) www.wikipedia.org – a DNS record doesn't show law enforcement that someone read en.wikipedia.org/wiki/Alcoholism, so their privacy is intact.

 

Not so, he responds: “Many websites produce a so distinctive DNS retrieval pattern” that requests can be recognised “more or less unequivocally.” In an analysis of retrieval of 5,000 Wikipedia entries, 6,200 news posts on Heise, and the top 100,000 websites, most pages showed unique demand patterns, he writes.

 

In many countries' data retention regimes, the IP addresses a user visits are recorded, but browser histories are off limits. Herrmann asserts law enforcement could use DNS records, IP address records, and behavioural chaining to reconstruct a more detailed browsing history than most users expect.

 

It can, however, be disrupted by ISPs, should they wish, by refreshing users' IP addresses more frequently. With an hourly change to IP address, Herrmann writes, the reconstruction fails 45 per cent of the time, and at five-minute changes, accuracy drops to 31 per cent – and if the user is inactive for enough intervals, “the trail disappears.”

 

Article source
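The behavioural chaining the article describes, as an added example that is not part of the original post or of Herrmann's paper: a minimal multinomial naive Bayes over constructed DNS lookups, showing how a new-lease IP is matched to an old-lease profile and how the evidence margin shrinks when a lease exposes fewer lookups. The hostnames, IP addresses, uniform prior and function names are assumptions made for the illustration.

```python
import math
from collections import Counter

# Constructed sample data: hostnames resolved per source IP in two lease periods.
# IPs come from documentation ranges; hostnames are invented.
EPOCH_1 = {
    "192.0.2.10": ["mail.example", "news-a.example", "shop.example", "news-a.example", "rail.example", "mail.example"],
    "192.0.2.11": ["mail.example", "games.example", "video.example", "games.example", "forum.example", "video.example"],
    "192.0.2.12": ["mail.example", "news-b.example", "bank.example", "uni.example", "news-b.example", "uni.example"],
}
EPOCH_2 = {
    "198.51.100.7": ["games.example", "mail.example", "video.example", "forum.example"],
    "198.51.100.8": ["uni.example", "news-b.example", "mail.example", "bank.example"],
    "198.51.100.9": ["news-a.example", "rail.example", "mail.example", "shop.example"],
}

def train(sessions):
    """Per-IP hostname counts plus the shared vocabulary."""
    vocab = {h for hosts in sessions.values() for h in hosts}
    return {ip: Counter(hosts) for ip, hosts in sessions.items()}, vocab

def log_likelihood(profile, vocab, hosts):
    """Multinomial naive Bayes score with add-one smoothing (uniform prior assumed)."""
    total = sum(profile.values()) + len(vocab) + 1  # +1 bucket for unseen hostnames
    return sum(math.log((profile[h] + 1) / total) for h in hosts)

def chain(old, new):
    """Map each new-lease IP to (best-fitting old-lease IP, log-likelihood margin over runner-up)."""
    profiles, vocab = train(old)
    links = {}
    for ip, hosts in new.items():
        scores = sorted(((log_likelihood(p, vocab, hosts), o) for o, p in profiles.items()), reverse=True)
        links[ip] = (scores[0][1], scores[0][0] - scores[1][0])
    return links

def truncate(sessions, n):
    """Simulate a shorter lease: only the first n lookups are observed per IP."""
    return {ip: hosts[:n] for ip, hosts in sessions.items()}

if __name__ == "__main__":
    for ip, (match, margin) in chain(EPOCH_1, EPOCH_2).items():
        print(f"{ip} -> {match} (margin {margin:.2f})")
    for ip, (match, margin) in chain(EPOCH_1, truncate(EPOCH_2, 1)).items():
        print(f"[1 lookup] {ip} -> {match} (margin {margin:.2f})")
```

A lookup that every profile shares, such as the mail host in this sample, barely separates the candidates, which is why short or idle leases weaken the chain.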

Quote

Since ISPs have to use dynamic IP addresses to cope with the IPv4 address shortage

They never cope with IPv4 shortage by allocating dynamic IP to users. They create MAN and/or WAN over the country.

 

It reminds me that, more easily, many programs use different methods to do so, like using cookies or, like Valve, reading your DNS cache for banning cheaters.



  • Administrator
8 hours ago, Nastrahl said:

They never cope with IPv4 shortage by allocating dynamic IP to users. They create MAN and/or WAN over the country.

 

It reminds me that, more easily, many programs use different methods to do so, like using cookies or, like Valve, reading your DNS cache for banning cheaters.

 

Well, sometimes I used to wonder why my router got only a private IP address assigned to it. Turns out, it's easier for ISPs to manage things this way.

 

Did not know about Steam checking the DNS cache though, any explanation on it?



42 minutes ago, DKT27 said:

Did not know about Steam checking DNS cache though, any explanation on it.

They've been doing this for years; here is an article about it from 2014:

http://www.ghacks.net/2014/02/16/steams-vac-protection-now-scans-ans-transfers-dns-cache/

I just switch VPN servers every so often and my VPN switches my DNS IP too, but I reset my modem once or twice a day as well. I've been using a VPN since 2011. It's the 1st thing I do, turn it on when I boot up, so I feel naked without it. For what little I do on the internet I never had much trouble, and if I do, a good dose of Tor fixes it. :P



  • Administrator
9 minutes ago, steven36 said:

They've been doing this for years; here is an article about it from 2014:

http://www.ghacks.net/2014/02/16/steams-vac-protection-now-scans-ans-transfers-dns-cache/

I just switch VPN servers every so often and my VPN switches my DNS IP too, but I reset my modem once or twice a day as well. I've been using a VPN since 2011. It's the 1st thing I do, turn it on when I boot up, so I feel naked without it.

 

Thanks for the article.

 

I do not remember the last time I ran displaydns in CMD. Man, so many sites, even some social sites I doubt any sites even have links to.



Archived

This topic is now archived and is closed to further replies.
