undefined | Better HN

0 pointsred0point7y ago0 comments

Cool project! I'd wish I had so much dedication for implementing this at home :)

You could also take inspiration from the NSA and actually perform random DNS queries & HTTP requests to various sites to disguise the true queries.

Another improvement would be actually offloading the resolver to another location via a VPN and querying from there.

0 comments

2 comments · 1 top-level

DrPhish7y ago· 1 in thread

Thanks!

Random queries sound like a good extra tactic. It would prevent any of my 6 (unrelated afaik) DNSCrypt proxies from knowing with certainly about where I'm going. The queries would have to be somewhat credible and randomly timed to stop the noise from being easy to filter out, but that doesn't seem insurmountable.

I think the VPN aspect is already taken care of by making all queries via those independent proxies. Is there something else a VPN would help with that I'm missing?

red0pointOP7y ago

Essentially, you're now not only trusting 1 entity but 6 - if any of those 6 will log / leak data, you're offering them 1/6th of your traffic. The probability of that happening is significantly larger than using only a single provider (if you want to calculate it, there's the Binomial Distribution).

That being said, if any of those providers would then leak your traffic patterns, all the attacker would get is your VPN IP address and not your home IP address. So essentially, you're making it even harder to correlate DNS queries to you.

j / k navigate · click thread line to collapse