zlacker

[parent] [thread] 1 comments
1. jeroen+(OP)[view] [source] 2023-08-02 14:36:23
I've talked to some people working for the .nl TLD. They collect logs on DNS requests for every .nl domain to mine data about phishing websites and online scams. They're not using the EDNS information as far as I know (that would be very very illegal) and I don't know what the introduction of the GDPR has done to their research, but TLDs not limited by privacy laws such as American companies can do whatever they want.

It's not just the website's DNS server that received your subnet information; it's every single location in the chain of DNS resolvers. That includes TLD servers run by data mining companies. Does Verisign need to know that 2001:2345:6789::abcd is looking for news.ycombinator.com?

With caching in place these methods of data gathering aren't all-encompassing, but if you visit some new or uncommon domains you'll be more likely to become part of the dataset.

replies(1): >>Arnavi+my
2. Arnavi+my[view] [source] 2023-08-02 17:03:47
>>jeroen+(OP)
>Does Verisign need to know that 2001:2345:6789::abcd is looking for news.ycombinator.com?

Verizon wouldn't know that even with ECS, because ECS only needs to include the subnet prefix of the length that the client (Cloudflare's recursive resolver in this case) is willing to give out. There is no benefit and only harm to the client if it gives out the whole IP, and indeed it is called out as a bad idea in the ECS RFC.

[go to top]