Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 1,249
    • Issues 1,249
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 7
    • Merge requests 7
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor Browser
  • Issues
  • #30753

Closed
Open
Created Jun 04, 2019 by Georg Koppen@gkDeveloper

Think about using DNS over HTTPS for Tor Browser

Right now we have DNS over HTTPS (DoH) not enabled in Tor Browser but we should think about whether we should do that. https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ has some good illustration about this feature

Some pros

  • it cuts out some potential for messing with DNS queries
  • it should help mitigating the DNS proxy leak threat inherent to using a SOCKS proxy
  • it might help with the attacks mentioned in "The Effect of DNS on Tor's Anonymity" (https://nymity.ch/tor-dns/tor-dns.pdf) ...

Some cons

  • it adds a central party seeing all Tor Browser users's DNS requests (even though a lot of DNS queries (about 40%) go to Google already according to the above mentioned paper that's not 100%)
  • it might add latency
  • First Party Isolation of the requests and the cache might need to get added ...
Edited Dec 01, 2020 by Matthew Finkel
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking