{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T10:03:03Z","timestamp":1766484183053},"reference-count":84,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The Internet\u2019s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols\u2019 performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.<\/jats:p>","DOI":"10.2478\/popets-2021-0085","type":"journal-article","created":{"date-parts":[[2021,7,24]],"date-time":"2021-07-24T23:19:21Z","timestamp":1627168761000},"page":"575-592","source":"Crossref","is-referenced-by-count":22,"title":["Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS"],"prefix":"10.56553","volume":"2021","author":[{"given":"Sudheesh","family":"Singanamalla","sequence":"first","affiliation":[{"name":"University of Washington , and Cloudflare Inc. Sudheesh was with Cloudflare Inc. while doing this work."}]},{"given":"Suphanat","family":"Chunhapanya","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Jonathan","family":"Hoyland","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Marek","family":"Vavru\u0161a","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Tanya","family":"Verma","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Peter","family":"Wu","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Marwan","family":"Fayed","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Kurtis","family":"Heimerl","sequence":"additional","affiliation":[{"name":"University of Washington"}]},{"given":"Nick","family":"Sullivan","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]},{"given":"Christopher","family":"Wood","sequence":"additional","affiliation":[{"name":"Cloudflare Inc."}]}],"member":"35752","published-online":{"date-parts":[[2021,7,23]]},"reference":[{"key":"2022051409225965009_j_popets-2021-0085_ref_001","unstructured":"[1] ODoH Analysis Tamarin Model. https:\/\/github.com\/cloudflare\/odoh-analysis."},{"key":"2022051409225965009_j_popets-2021-0085_ref_002","unstructured":"[2] ODoH Artifacts. https:\/\/github.com\/sudheesh001\/ODoH-Artifacts."},{"key":"2022051409225965009_j_popets-2021-0085_ref_003","unstructured":"[3] N Aifardan, D Bernstein, K Paterson, B Poettering, and J Schuldt. On the security of RC4 in TLS and WPA. In USENIX Security, 2013."},{"key":"2022051409225965009_j_popets-2021-0085_ref_004","doi-asserted-by":"crossref","unstructured":"[4] Michael Backes, Aniket Kate, Praveen Manoharan, Sebastian Meiser, and Esfandiar Mohammadi. AnoA: A Framework for Analyzing Anonymous Communication Protocols. In 2013 IEEE 26th Computer Security Foundations Symposium, pages 163\u2013178, 2013.10.1109\/CSF.2013.18","DOI":"10.1109\/CSF.2013.18"},{"key":"2022051409225965009_j_popets-2021-0085_ref_005","unstructured":"[5] Kenji Baheux. Chromium blog: A safer and more private browsing experience with secure DNS. https:\/\/blog.chromium.org\/2020\/05\/a-safer-and-more-private-browsing-DoH.html, 05 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_006","doi-asserted-by":"crossref","unstructured":"[6] Richard Barnes, Karthikeyan Bhargavan, Benjamin Lipp, and Christopher A. Wood. Hybrid Public Key Encryption. Internet-Draft draft-irtf-cfrg-hpke-08, Internet Engineering Task Force, February 2021. Work in Progress.10.17487\/RFC9180","DOI":"10.17487\/RFC9180"},{"key":"2022051409225965009_j_popets-2021-0085_ref_007","unstructured":"[7] Daniel J Bernstein. DNSCurve: Usable security for DNS. dnscurve.org, 4, 2009."},{"key":"2022051409225965009_j_popets-2021-0085_ref_008","doi-asserted-by":"crossref","unstructured":"[8] Oliver Berthold, Hannes Federrath, and Stefan K\u00f6psell. Web MIXes: A system for anonymous and unobservable Internet access. In Designing privacy enhancing technologies, pages 115\u2013129. Springer, 2001.10.1007\/3-540-44702-4_7","DOI":"10.1007\/3-540-44702-4_7"},{"key":"2022051409225965009_j_popets-2021-0085_ref_009","doi-asserted-by":"crossref","unstructured":"[9] Kevin Borgolte, Tithi Chattopadhyay, Nick Feamster, Mihir Kshirsagar, Jordan Holland, Austin Hounsel, and Paul Schmitt. How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem. Performance, and Policy in the Internet Ecosystem (July 27, 2019), 2019.10.2139\/ssrn.3427563","DOI":"10.2139\/ssrn.3427563"},{"key":"2022051409225965009_j_popets-2021-0085_ref_010","doi-asserted-by":"crossref","unstructured":"[10] Stephane Bortzmeyer. DNS privacy considerations. Work in Progress, draft-ietf-dprive-problem-statement-06, 1, 2015.10.17487\/RFC7626","DOI":"10.17487\/RFC7626"},{"key":"2022051409225965009_j_popets-2021-0085_ref_011","doi-asserted-by":"crossref","unstructured":"[11] Stephane Bortzmeyer. Dns query name minimisation to improve privacy. RFC7816, 2016.10.17487\/RFC7816","DOI":"10.17487\/RFC7816"},{"key":"2022051409225965009_j_popets-2021-0085_ref_012","doi-asserted-by":"crossref","unstructured":"[12] Timm B\u00f6ttger, Felix Cuadrado, Gianni Antichi, Eder Le\u00e3o Fernandes, Gareth Tyson, Ignacio Castro, and Steve Uhlig. An Empirical Study of the Cost of DNS-over-HTTPS. In Proceedings of the Internet Measurement Conference, pages 15\u201321, 2019.10.1145\/3355369.3355575","DOI":"10.1145\/3355369.3355575"},{"key":"2022051409225965009_j_popets-2021-0085_ref_013","unstructured":"[13] BraveDNS. BraveDNS - A fast, secure, configurable, private DNS + Firewall for Android. https:\/\/www.bravedns.com\/. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_014","doi-asserted-by":"crossref","unstructured":"[14] Nevil Brownlee, Kimberly C Claffy, and Evi Nemeth. DNS measurements at a root server. In GLOBECOM\u201901. IEEE Global Telecommunications Conference (Cat. No. 01CH37270), volume 3, pages 1672\u20131676. IEEE, 2001.","DOI":"10.1109\/GLOCOM.2001.965864"},{"key":"2022051409225965009_j_popets-2021-0085_ref_015","doi-asserted-by":"crossref","unstructured":"[15] Sergio Castillo-Perez and Joaquin Garcia-Alfaro. Evaluation of two privacy-preserving protocols for the DNS. In 2009 Sixth International Conference on Information Technology: New Generations, pages 411\u2013416. IEEE, 2009.10.1109\/ITNG.2009.195","DOI":"10.1109\/ITNG.2009.195"},{"key":"2022051409225965009_j_popets-2021-0085_ref_016","unstructured":"[16] A Chau and S Hertzberg. California Consumer Privacy Act of 2018 1798.140 (v). https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.140., 2018. (Accessed on 02\/27\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_017","unstructured":"[17] Google Cloud. App Engine Application Platform - Google Cloud. https:\/\/cloud.google.com\/appengine. (Accessed on 02\/27\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_018","unstructured":"[18] Google Cloud. Google Compute Engine - Machine Types. https:\/\/cloud.google.com\/compute\/docs\/machine-types. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_019","unstructured":"[19] Cloudflare. Cloudflare Workers\u00ae. https:\/\/workers.cloudflare.com\/. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_020","unstructured":"[20] Cloudflare. DNS over Tor | Cloudflare Developer Docs. https:\/\/developers.cloudflare.com\/1.1.1.1\/fun-stuff\/dns-over-tor\/. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_021","unstructured":"[21] Cloudflare. Argo Tunnel Client. https:\/\/github.com\/cloudflare\/cloudflared, 2020."},{"key":"2022051409225965009_j_popets-2021-0085_ref_022","doi-asserted-by":"crossref","unstructured":"[22] Cas Cremers and Martin Dehnel-Wild. Component-based formal analysis of 5G-AKA: Channel assumptions and session confusion. In Network and Distributed Systems Security (NDSS) Symposium 2019, February 2019.10.14722\/ndss.2019.23394","DOI":"10.14722\/ndss.2019.23394"},{"key":"2022051409225965009_j_popets-2021-0085_ref_023","doi-asserted-by":"crossref","unstructured":"[23] Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. A comprehensive symbolic analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 1773\u20131788, 2017.10.1145\/3133956.3134063","DOI":"10.1145\/3133956.3134063"},{"key":"2022051409225965009_j_popets-2021-0085_ref_024","unstructured":"[24] Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, and Aniket Kate. Anonymity trilemma: Strong anonymity, low bandwidth overhead, low latency - choose two. In 2018 IEEE Symposium on Security and Privacy (SP), pages 108\u2013126, 2018."},{"key":"2022051409225965009_j_popets-2021-0085_ref_025","doi-asserted-by":"crossref","unstructured":"[25] Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, and Aniket Kate. Comprehensive anonymity trilemma: User coordination is not enough. Proceedings on Privacy Enhancing Technologies, 2020(3):356\u2013383, 2020.","DOI":"10.2478\/popets-2020-0056"},{"key":"2022051409225965009_j_popets-2021-0085_ref_026","doi-asserted-by":"crossref","unstructured":"[26] Alex Davidson, Ian Goldberg, Nick Sullivan, George Tanker-sley, and Filippo Valsorda. Privacy pass: Bypassing internet challenges anonymously. Proceedings on Privacy Enhancing Technologies, 2018(3):164\u2013180, 2018.","DOI":"10.1515\/popets-2018-0026"},{"key":"2022051409225965009_j_popets-2021-0085_ref_027","unstructured":"[27] Selena Deckelmann. Firefox continues push to bring DNS over HTTPS by default for US users - The Mozilla Blog. https:\/\/blog.mozilla.org\/blog\/2020\/02\/25\/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users\/, 02 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_028","unstructured":"[28] Frank Denis. Anonymized DNSCrypt specification. https:\/\/github.com\/DNSCrypt\/dnscrypt-protocol\/blob\/master\/ANONYMIZED-DNSCRYPT.txt, 06 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_029","unstructured":"[29] Frank Denis and Contributors. A flexible DNS proxy, with support for encrypted DNS protocols. https:\/\/github.com\/DNSCrypt\/dnscrypt-proxy\/. (Accessed on 09\/17\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_030","unstructured":"[30] Apple Developer. DNS Proxy Provider | Apple Developer Documentation. https:\/\/developer.apple.com\/documentation\/networkextension\/dns_proxy_provider. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_031","unstructured":"[31] Apple Developer. Enable encrypted DNS - WWDC 2020. ht tps:\/\/developer.apple.com\/videos\/play\/wwdc2020\/10047\/. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_032","unstructured":"[32] Google DNS. Your Privacy - Public DNS - Google Developers. https:\/\/developers.google.com\/speed\/public-dns\/privacy. (Accessed on 02\/27\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_033","doi-asserted-by":"crossref","unstructured":"[33] Danny Dolev and Andrew Yao. On the security of public key protocols. IEEE Transactions on information theory, 29(2):198\u2013208, 1983.10.1109\/TIT.1983.1056650","DOI":"10.1109\/TIT.1983.1056650"},{"key":"2022051409225965009_j_popets-2021-0085_ref_034","doi-asserted-by":"crossref","unstructured":"[34] Ralph Droms. RFC2131: Dynamic Host Configuration Protocol, 1997.10.17487\/rfc2131","DOI":"10.17487\/rfc2131"},{"key":"2022051409225965009_j_popets-2021-0085_ref_035","unstructured":"[35] Facebook. DNS Over HTTPS Proxy | Facebook. https:\/\/github.com\/facebookexperimental\/doh-proxy, 2020."},{"key":"2022051409225965009_j_popets-2021-0085_ref_036","doi-asserted-by":"crossref","unstructured":"[36] Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann, and Christopher Piosecny. Privacy-preserving DNS: analysis of broadcast, range queries and mix-based protection methods. In European Symposium on Research in Computer Security, pages 665\u2013683. Springer, 2011.10.1007\/978-3-642-23822-2_36","DOI":"10.1007\/978-3-642-23822-2_36"},{"key":"2022051409225965009_j_popets-2021-0085_ref_037","doi-asserted-by":"crossref","unstructured":"[37] Mich\u00e8le Finck and Frank Pallas. They who must not be identified\u2014distinguishing personal from non-personal data under the GDPR. International Data Privacy Law, 10(1):11\u201336, 03 2020.10.1093\/idpl\/ipz026","DOI":"10.1093\/idpl\/ipz026"},{"key":"2022051409225965009_j_popets-2021-0085_ref_038","unstructured":"[38] Frank Denis and Yecheng Fu. DNSCrypt: A protocol to improve DNS security. https:\/\/www.dnscrypt.org\/, 02 2021. (Accessed on 02\/20\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_039","unstructured":"[39] Google. DNS-over-HTTPS (DoH) | Public DNS | Google Developers. https:\/\/developers.google.com\/speed\/public-dns\/docs\/doh. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_040","unstructured":"[40] Google. crypto\/hpke - boringssl - Git at Google. https:\/\/boringssl.googlesource.com\/boringssl\/+\/refs\/heads\/master\/crypto\/hpke\/, 07 2020. (Accessed on 09\/17\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_041","unstructured":"[41] John Graham-Cumming. Announcing the Results of the 1.1.1.1 Public DNS Resolver Privacy Examination. https:\/\/blog.cloudflare.com\/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination\/, 03 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_042","doi-asserted-by":"crossref","unstructured":"[42] Benjamin Greschbach, Tobias Pulls, Laura M Roberts, Philipp Winter, and Nick Feamster. The effect of DNS on Tor\u2019s anonymity. arXiv preprint arXiv:1609.08187, 2016.","DOI":"10.14722\/ndss.2017.23311"},{"key":"2022051409225965009_j_popets-2021-0085_ref_043","unstructured":"[43] Christian Grothoff, Matthias Wachs, Monika Ermert, and Jacob Appelbaum. NSA\u2019s morecowbell: Knell for dns, 2015."},{"key":"2022051409225965009_j_popets-2021-0085_ref_044","unstructured":"[44] Ansel Herz. Judge Who Authorized Police Search of Seattle Privacy Activists Wasn\u2019t Told They Operate Tor Network. https:\/\/web.archive.org\/web\/20191210114929\/ https:\/\/www.thestranger.com\/slog\/2016\/04\/08\/23914735\/judge-who-authorized-police-search-of-seattle-privacy-activists-wasnt-told-they-operate-tor-network\/, 04 2016. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_045","doi-asserted-by":"crossref","unstructured":"[45] Paul Hoffman and Patrick McManus. DNS queries over HTTPS (DoH). Internet Requests for Comments, IETF, RFC, 8484, 2018.10.17487\/RFC8484","DOI":"10.17487\/RFC8484"},{"key":"2022051409225965009_j_popets-2021-0085_ref_046","unstructured":"[46] Pi Hole. Pi-hole \u2013 A black hole for Internet advertisements. https:\/\/pi-hole.net\/. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_047","unstructured":"[47] Austin Hounsel, Paul Schmitt, Kevin Borgolte, and Nick Feamster. Measuring the Performance of Encrypted DNS Protocols from Broadband Access Networks, 2020."},{"key":"2022051409225965009_j_popets-2021-0085_ref_048","doi-asserted-by":"crossref","unstructured":"[48] Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul Hoffman. Specification for DNS over transport layer security (TLS). IETF RFC7858, May, 2016.10.17487\/RFC7858","DOI":"10.17487\/RFC7858"},{"key":"2022051409225965009_j_popets-2021-0085_ref_049","doi-asserted-by":"crossref","unstructured":"[49] Mei Lin Hui and Gavin Lowe. Fault-preserving simplifying transformations for security protocols. Journal of Computer Security, 9(1-2):3\u201346, 2001.10.3233\/JCS-2001-91-202","DOI":"10.3233\/JCS-2001-91-202"},{"key":"2022051409225965009_j_popets-2021-0085_ref_050","unstructured":"[50] Franziskus Kiefer. Improving AES-GCM Performance -Mozilla Security Blog. https:\/\/blog.mozilla.org\/security\/2017\/09\/29\/improving-aes-gcm-performance\/, 09 2017. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_051","unstructured":"[51] E. Kinnear, P. McManus, T. Pauly, and C. Wood. Oblivious DNS Over HTTPS\u2013IETF Draft. https:\/\/tools.ietf.org\/html\/draft-pauly-dprive-oblivious-doh-01, 2019."},{"key":"2022051409225965009_j_popets-2021-0085_ref_052","unstructured":"[52] Erik Kline. DNS over TLS support in Android P Developer Preview. https:\/\/android-developers.googleblog.com\/2018\/04\/dns-over-tls-support-in-android-p.html, 04 2018. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_053","unstructured":"[53] Ulf Lamping and Ed Warnicke. Wireshark user\u2019s guide. Interface, 4(6):1, 2004."},{"key":"2022051409225965009_j_popets-2021-0085_ref_054","unstructured":"[54] Brandon LeBlanc. Announcing windows 10 insider preview build 20185. https:\/\/blogs.windows.com\/windows-insider\/2020\/08\/05\/announcing-windows-10-insider-preview-build-20185\/, 08 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_055","unstructured":"[55] Ken Lo. Download Speeds: Comparing 2G, 3G, 4G & 5G Mobile Networks. https:\/\/kenstechtips.com\/index.php\/download-speeds-2g-3g-and-4g-actual-meaning, 11 2018. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_056","unstructured":"[56] Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, and Jianping Wu. An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come? In Proceedings of the Internet Measurement Conference, pages 22\u201335, 2019."},{"key":"2022051409225965009_j_popets-2021-0085_ref_057","unstructured":"[57] Electronic Frontier Foundation Marcia Hoffmann. Why IP Addresses Alone Don\u2019t Identify Criminals. https:\/\/www.eff.org\/deeplinks\/2011\/08\/why-ip-addresses-alone-dont-identify-criminals, 08 2011. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_058","doi-asserted-by":"crossref","unstructured":"[58] Erika McCallister, Tim Grance, and Karen Scarfone. Guide to protecting the confidentiality of Personally Identifiable Information (PII): Recommendations of the National Institute of Standards and Technology. NIST special publication; 800-122. Computer security. U.S. Dept. of Commerce, National Institute of Standards and Technology, Gaithersburg, MD, 2010.10.6028\/NIST.SP.800-122","DOI":"10.6028\/NIST.SP.800-122"},{"key":"2022051409225965009_j_popets-2021-0085_ref_059","unstructured":"[59] Mozilla. Comcast\u2019s Xfinity Internet Service Joins Firefox\u2019s Trusted Recursive Resolver Program - The Mozilla Blog. https:\/\/blog.mozilla.org\/blog\/2020\/06\/25\/comcasts-xfinity-internet-service-joins-firefoxs-trusted-recursive-resolver-program\/, 06 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_060","unstructured":"[60] Mozilla. Mozilla Policy Requirements for DNS over HTTPs Partners. https:\/\/wiki.mozilla.org\/Security\/DOH-resolver-policy, 09 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_061","unstructured":"[61] Alec Muffet. No Port 53, Who Dis?; A Year of DNS over HTTPS over Tor. In NDSS DNS Privacy Workshop, 02 2021."},{"key":"2022051409225965009_j_popets-2021-0085_ref_062","unstructured":"[62] Alec Muffett. DoHoT: making practical use of DNS over HTTPS over Tor. https:\/\/github.com\/alecmuffett\/dohot, 07 2020. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_063","unstructured":"[63] NIST. NVD - CVE-2013-2566. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-2566, 03 2013. (Accessed on 09\/16\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_064","unstructured":"[64] Jan Odvarko. HAR 1.2 Spec. http:\/\/www.softwareishard.com\/blog\/har-12-spec\/. (Accessed on 02\/28\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_065","doi-asserted-by":"crossref","unstructured":"[65] Victor Le Pochat, Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczy\u00abski, and Wouter Joosen. Tranco: A research-oriented top sites ranking hardened against manipulation. Network and Distributed Systems Security (NDSS) Symposium, 2019.10.14722\/ndss.2019.23386","DOI":"10.14722\/ndss.2019.23386"},{"key":"2022051409225965009_j_popets-2021-0085_ref_066","unstructured":"[66] Matthew Prince. Introducing 1.1.1.1 for Families. https:\/\/blog.cloudflare.com\/introducing-1-1-1-1-for-families\/, 2020."},{"key":"2022051409225965009_j_popets-2021-0085_ref_067","unstructured":"[67] Chromium Projects. DNS over HTTPS (aka DoH). https:\/\/www.chromium.org\/developers\/dns-over-https. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_068","unstructured":"[68] DNSCrypt Proxy. Anonymized DNS Wiki. https:\/\/github.com\/DNSCrypt\/dnscrypt-proxy\/wiki\/Anonymized-DNS. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_069","unstructured":"[69] FIPS PUB. Security Requirements for Cryptographic Modules. FIPS PUB, 140, 1994."},{"key":"2022051409225965009_j_popets-2021-0085_ref_070","unstructured":"[70] Reddit Communities. DNS query average : PiHole. https:\/\/www.reddit.com\/r\/pihole\/comments\/a8ngnu\/dns_query_average\/, 12 2018. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_071","doi-asserted-by":"crossref","unstructured":"[71] Benedikt Schmidt, Simon Meier, Cas Cremers, and David Basin. Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties. In Stephen Chong, editor, 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, June 25-27, 2012, pages 78\u201394. IEEE, 2012.10.1109\/CSF.2012.25","DOI":"10.1109\/CSF.2012.25"},{"key":"2022051409225965009_j_popets-2021-0085_ref_072","doi-asserted-by":"crossref","unstructured":"[72] Paul Schmitt, Anne Edmundson, Allison Mankin, and Nick Feamster. Oblivious DNS: Practical Privacy for DNS Queries: Published in PoPETS 2019. In Proceedings of the Applied Networking Research Workshop, ANRW \u201919, page 17\u201319, New York, NY, USA, 2019. Association for Computing Machinery.10.1145\/3340301.3341128","DOI":"10.1145\/3340301.3341128"},{"key":"2022051409225965009_j_popets-2021-0085_ref_073","unstructured":"[73] Benjamin M. Schwartz, Mike Bishop, and Erik Nygren. Service binding and parameter specification via the DNS (DNS SVCB and HTTPS RRs). Internet-Draft draft-ietf-dnsopsvcb-https-03, Internet Engineering Task Force, February 2021. Work in Progress."},{"key":"2022051409225965009_j_popets-2021-0085_ref_074","unstructured":"[74] Milan P Stanic. TC\u2013Traffic Control. Linux QOS Control Tool, 2001."},{"key":"2022051409225965009_j_popets-2021-0085_ref_075","doi-asserted-by":"crossref","unstructured":"[75] Srikanth Sundaresan, Nazanin Magharei, Nick Feamster, Renata Teixeira, and Sam Crawford. Web performance bottlenecks in broadband access networks. In Proceedings of the ACM SIGMETRICS\/international conference on Measurement and modeling of computer systems, pages 383\u2013384, 2013.10.1145\/2494232.2465745","DOI":"10.1145\/2494232.2465745"},{"key":"2022051409225965009_j_popets-2021-0085_ref_076","unstructured":"[76] TracBot. Tor blocked in UAE (#25137) \u00b7 Issues \u00b7 Legacy \/Trac \u00b7 GitLab. https:\/\/gitlab.torproject.org\/legacy\/trac\/-\/issues\/25137, 02 2018. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_077","unstructured":"[77] European Union. What is considered personal data under EU GDPR. https:\/\/gdpr.eu\/eu-gdpr-personal-data\/. (Accessed on 02\/27\/2021)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_078","unstructured":"[78] Upturn. What ISPs Can See. https:\/\/www.upturn.org\/reports\/2016\/what-isps-can-see\/, 03 2016. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_079","unstructured":"[79] Zhiheng Wang. Navigation Timing - World Wide Web Consortium (W3C). https:\/\/www.w3.org\/TR\/navigation-timing\/, 12 2012. (Accessed on 09\/17\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_080","unstructured":"[80] Nicholas Weaver, Christian Kreibich, and Vern Paxson. Redirecting DNS for Ads and Profit. FOCI, 2:2\u20133, 2011."},{"key":"2022051409225965009_j_popets-2021-0085_ref_081","unstructured":"[81] Xynou, Maria, and Filasto, Artur\u00f2. Iran Protests: OONI data confirms censorship events (Part 1) | OONI. https:\/\/ooni.org\/post\/2018-iran-protests\/. (Accessed on 09\/15\/2020)."},{"key":"2022051409225965009_j_popets-2021-0085_ref_082","doi-asserted-by":"crossref","unstructured":"[82] Fangming Zhao, Yoshiaki Hori, and Kouichi Sakurai. Analysis of privacy disclosure in DNS query. In 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE\u201907), pages 952\u2013957. IEEE, 2007.10.1109\/MUE.2007.84","DOI":"10.1109\/MUE.2007.84"},{"key":"2022051409225965009_j_popets-2021-0085_ref_083","doi-asserted-by":"crossref","unstructured":"[83] Fangming Zhao, Yoshiaki Hori, and Kouichi Sakurai. Two-servers PIR based DNS query scheme with privacy-preserving. In The 2007 International Conference on Intelligent Pervasive Computing (IPC 2007), pages 299\u2013302. IEEE, 2007.10.1109\/IPC.2007.27","DOI":"10.1109\/IPC.2007.27"},{"key":"2022051409225965009_j_popets-2021-0085_ref_084","doi-asserted-by":"crossref","unstructured":"[84] Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin, and Nikita Somaiya. T-DNS: Connection-oriented DNS to improve privacy and security. ACM SIGCOMM Computer Communication Review, 44(4):379\u2013380, 2014.","DOI":"10.1145\/2740070.2631442"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0085","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T00:10:48Z","timestamp":1725495048000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0085.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,23]]},"references-count":84,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,7,23]]},"published-print":{"date-parts":[[2021,10,1]]}},"alternative-id":["10.2478\/popets-2021-0085"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0085","relation":{},"ISSN":["2299-0984"],"issn-type":[{"type":"electronic","value":"2299-0984"}],"subject":[],"published":{"date-parts":[[2021,7,23]]}}}