{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:22:24Z","timestamp":1775737344677,"version":"3.50.1"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2020,7,22]],"date-time":"2020-07-22T00:00:00Z","timestamp":1595376000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGCOMM Comput. Commun. Rev."],"published-print":{"date-parts":[[2020,7,22]]},"abstract":"Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users' traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.<\/jats:p>","DOI":"10.1145\/3411740.3411743","type":"journal-article","created":{"date-parts":[[2020,7,22]],"date-time":"2020-07-22T22:16:55Z","timestamp":1595456215000},"page":"16-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["Does domain name encryption increase users' privacy?"],"prefix":"10.1145","volume":"50","author":[{"given":"Martino","family":"Trevisan","sequence":"first","affiliation":[{"name":"Politecnico di Torino, Italy"}]},{"given":"Francesca","family":"Soro","sequence":"additional","affiliation":[{"name":"Politecnico di Torino, Italy"}]},{"given":"Marco","family":"Mellia","sequence":"additional","affiliation":[{"name":"Politecnico di Torino, Italy"}]},{"given":"Idilio","family":"Drago","sequence":"additional","affiliation":[{"name":"University of Turin, Italy"}]},{"given":"Ricardo","family":"Morla","sequence":"additional","affiliation":[{"name":"University of Porto, Portugal"}]}],"member":"320","published-online":{"date-parts":[[2020,7,22]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"B. Anderson and D. McGrew. 2019. TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior (Proc. of the IMC). 379--392. B. Anderson and D. McGrew. 2019. TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior (Proc. of the IMC). 379--392.","DOI":"10.1145\/3355369.3355601"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714627"},{"key":"e_1_2_1_3_1","volume-title":"Rescue: Discerning Content and Services in a Tangled Web (Proc. of the IMC). 413--426.","author":"Bermudez I.","year":"2012","unstructured":"I. Bermudez , M. Mellia , M. Munaf\u00f2 , R. Keralapura , and A. Nucci . 2012 . DNS to the Rescue: Discerning Content and Services in a Tangled Web (Proc. of the IMC). 413--426. I. Bermudez, M. Mellia, M. Munaf\u00f2, R. Keralapura, and A. Nucci. 2012. DNS to the Rescue: Discerning Content and Services in a Tangled Web (Proc. of the IMC). 413--426."},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"S. Bhat D. Lu A. Kwon and S. Devadas. 2019. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning (Proc. of the PET). 292--310. S. Bhat D. Lu A. Kwon and S. Devadas. 2019. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning (Proc. of the PET). 292--310.","DOI":"10.2478\/popets-2019-0070"},{"key":"e_1_2_1_5_1","doi-asserted-by":"crossref","unstructured":"T. B\u00f6ttger F. Cuadrado G. Antichi E. Fernandes G. Tyson I. Castro and S. Uhlig. 2019. An Empirical Study of the Cost of DNS-over-HTTPS (Proc. of the IMC). 15--21. T. B\u00f6ttger F. Cuadrado G. Antichi E. Fernandes G. Tyson I. Castro and S. Uhlig. 2019. An Empirical Study of the Cost of DNS-over-HTTPS (Proc. of the IMC). 15--21.","DOI":"10.1145\/3355369.3355575"},{"key":"e_1_2_1_6_1","volume-title":"Technical Report 7528. RFC Editor","author":"Farrell S.","year":"2014","unstructured":"S. Farrell and H. Tschofenig . 2014 . Pervasive Monitoring Is an Attack . Technical Report 7528. RFC Editor . S. Farrell and H. Tschofenig. 2014. Pervasive Monitoring Is an Attack. Technical Report 7528. RFC Editor."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2551203"},{"key":"e_1_2_1_8_1","volume-title":"Proc. of the 2015 27th International Teletraffic Congress. 19--27","author":"Giordano D.","unstructured":"D. Giordano , S. Traverso , L. Grimaudo , M. Mellia , E. Baralis , A. Tongaonkar , and S. Saha . 2015. YouLighter: An Unsupervised Methodology to Unveil YouTube CDN Changes . In Proc. of the 2015 27th International Teletraffic Congress. 19--27 . D. Giordano, S. Traverso, L. Grimaudo, M. Mellia, E. Baralis, A. Tongaonkar, and S. Saha. 2015. YouLighter: An Unsupervised Methodology to Unveil YouTube CDN Changes. In Proc. of the 2015 27th International Teletraffic Congress. 19--27."},{"key":"e_1_2_1_9_1","doi-asserted-by":"crossref","unstructured":"R. Gonzalez C. Soriente and N. Laoutaris. 2016. User Profiling in the Time of HTTPS (Proc. of the IMC). 373--379. R. Gonzalez C. Soriente and N. Laoutaris. 2016. User Profiling in the Time of HTTPS (Proc. of the IMC). 373--379.","DOI":"10.1145\/2987443.2987451"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"X. Gu M. Yang and J. Luo. 2015. A Novel Website Fingerprinting Attack against Multi-tab Browsing Behavior (Proc. of the CSCWD). 234--239. X. Gu M. Yang and J. Luo. 2015. A Novel Website Fingerprinting Attack against Multi-tab Browsing Behavior (Proc. of the CSCWD). 234--239.","DOI":"10.1109\/CSCWD.2015.7230964"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"A. Hintz. 2003. Fingerprinting Websites using Traffic Analysis (Proc. of the PET). 171--178. A. Hintz. 2003. Fingerprinting Websites using Traffic Analysis (Proc. of the PET). 171--178.","DOI":"10.1007\/3-540-36467-6_13"},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"R. Houser Z. Li C. Cotton and H. Wang. 2019. An Investigation on Information Leakage of DNS over TLS (Proc. of the CoNEXT). R. Houser Z. Li C. Cotton and H. Wang. 2019. An Investigation on Information Leakage of DNS over TLS (Proc. of the CoNEXT).","DOI":"10.1145\/3359989.3365429"},{"key":"e_1_2_1_14_1","volume-title":"Technical Report 7858. RFC Editor","author":"Hu Z.","year":"2016","unstructured":"Z. Hu , L. Zhu , J. Heidemann , A. Mankin , D. Wessels , and P. Hoffman . 2016 . Specification for DNS over Transport Layer Security (TLS) . Technical Report 7858. RFC Editor . Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman. 2016. Specification for DNS over Transport Layer Security (TLS). Technical Report 7858. RFC Editor."},{"key":"e_1_2_1_15_1","unstructured":"M. Lescisin and Q. Mahmoud. 2018. Tools for Active and Passive Network Side-Channel Detection for Web Applications (Proc. of the WOOT). M. Lescisin and Q. Mahmoud. 2018. Tools for Active and Passive Network Side-Channel Detection for Web Applications (Proc. of the WOOT)."},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"C. Lu B. Liu Z. Li S. Hao H. Duan M. Zhang C. Leng Y. Liu Z. Zhang and J. Wu. 2019. An End-to-End Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? (Proc. of the IMC). 22--35. C. Lu B. Liu Z. Li S. Hao H. Duan M. Zhang C. Leng Y. Liu Z. Zhang and J. Wu. 2019. An End-to-End Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? (Proc. of the IMC). 22--35.","DOI":"10.1145\/3355369.3355580"},{"key":"e_1_2_1_17_1","volume-title":"Clinic: Risks and Realization of HTTPS Traffic Analysis (Proc. of the PET). 143--163.","author":"Miller B.","year":"2014","unstructured":"B. Miller , L. Huang , A. Joseph , and J. Tygar . 2014 . I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis (Proc. of the PET). 143--163. B. Miller, L. Huang, A. Joseph, and J. Tygar. 2014. I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis (Proc. of the PET). 143--163."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2016.01.013"},{"key":"e_1_2_1_19_1","doi-asserted-by":"crossref","unstructured":"D. Naylor A. Finamore I. Leontiadis Y. Grunenberger M. Mellia M. Munaf\u00f2 K. Papagiannaki and P. Steenkiste. 2014. The Cost of the \"S\" in HTTPS (Proc. of the CoNEXT). 133--140. D. Naylor A. Finamore I. Leontiadis Y. Grunenberger M. Mellia M. Munaf\u00f2 K. Papagiannaki and P. Steenkiste. 2014. The Cost of the \"S\" in HTTPS (Proc. of the CoNEXT). 133--140.","DOI":"10.1145\/2674005.2674991"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/1953048.2078195"},{"key":"e_1_2_1_21_1","unstructured":"D. Plonka and P. Barford. 2011. Flexible Traffic and Host Profiling via DNS Rendezvous (Proc. of the SATIN). 1--8. D. Plonka and P. Barford. 2011. Flexible Traffic and Host Profiling via DNS Rendezvous (Proc. of the SATIN). 1--8."},{"key":"e_1_2_1_22_1","unstructured":"E. Rescorla K. Oku N. Sullivan and C. Wood. 2019. Encrypted Server Name Indication for TLS 1.3. Technical Report draft-ietf-tls-esni-04. RFC Editor. E. Rescorla K. Oku N. Sullivan and C. Wood. 2019. Encrypted Server Name Indication for TLS 1.3. Technical Report draft-ietf-tls-esni-04. RFC Editor."},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"V. Rimmer D. Preuveneers M. Juarez T. Van Goethem and W. Joosen. 2018. Automated Website Fingerprinting through Deep Learning (Proc. of the NDSS). V. Rimmer D. Preuveneers M. Juarez T. Van Goethem and W. Joosen. 2018. Automated Website Fingerprinting through Deep Learning (Proc. of the NDSS).","DOI":"10.14722\/ndss.2018.23105"},{"key":"e_1_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Y. Shi and S. Biswas. 2014. Website Fingerprinting using Traffic Analysis of Dynamic Webpages (Proc. of the GLOBECOM). 557--563. Y. Shi and S. Biswas. 2014. Website Fingerprinting using Traffic Analysis of Dynamic Webpages (Proc. of the GLOBECOM). 557--563.","DOI":"10.1109\/GLOCOM.2014.7036866"},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","unstructured":"S. Siby M. Juarez C. Diaz N. Vallina-Rodriguez and C. Troncoso. 2020. Encrypted DNS-> Privacy? A Traffic Analysis Perspective (Proc. of the NDSS). S. Siby M. Juarez C. Diaz N. Vallina-Rodriguez and C. Troncoso. 2020. Encrypted DNS-> Privacy? A Traffic Analysis Perspective (Proc. of the NDSS).","DOI":"10.14722\/ndss.2020.24301"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243768"},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"M. Trevisan I. Drago M. Mellia and M. Munafo. 2016. Towards Web Service Classification using Addresses and DNS (Proc. of the TRAC). 38--43. M. Trevisan I. Drago M. Mellia and M. Munafo. 2016. Towards Web Service Classification using Addresses and DNS (Proc. of the TRAC). 38--43.","DOI":"10.1109\/IWCMC.2016.7577030"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2017.1600756CM"},{"key":"e_1_2_1_29_1","doi-asserted-by":"crossref","unstructured":"L. Vassio D. Giordano M. Trevisan M. Mellia and A. Silva. 2017. Users' Fingerprinting Techniques from TCP Traffic (Proc. of the Big-DAMA). 49--54. L. Vassio D. Giordano M. Trevisan M. Mellia and A. Silva. 2017. Users' Fingerprinting Techniques from TCP Traffic (Proc. of the Big-DAMA). 49--54.","DOI":"10.1145\/3098593.3098602"},{"key":"e_1_2_1_30_1","unstructured":"T. Wang X. Cai R. Nithyanand R. Johnson and I. Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting (Proc. of the USENIX Security). 143--157. T. Wang X. Cai R. Nithyanand R. Johnson and I. Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting (Proc. of the USENIX Security). 143--157."}],"container-title":["ACM SIGCOMM Computer Communication Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411740.3411743","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3411740.3411743","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:39Z","timestamp":1750197759000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3411740.3411743"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,22]]},"references-count":29,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,7,22]]}},"alternative-id":["10.1145\/3411740.3411743"],"URL":"https:\/\/doi.org\/10.1145\/3411740.3411743","relation":{},"ISSN":["0146-4833"],"issn-type":[{"value":"0146-4833","type":"print"}],"subject":[],"published":{"date-parts":[[2020,7,22]]},"assertion":[{"value":"2020-07-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}