Address book of the Internet can help anyone identify you

What if we told you that DNS could actually be used to track the user online?

According to the paper by Dominik Herrmann, the German researcher, recursive nameservers have monitoring capabilities that seriously breach users privacy.

DNS (Domain Name System) records can track the user through the web and help to collect the "profile of his/her interests", states Mr. Herrmann.

A behavior-based tracking method allows operators to track the activities of users over an extended period of time. How is it done? By checking the requests against an IP address one can determine which websites the user visited. Since many ISPs use dynamic IP addresses in order to resolve the problem with a lack of IPv4 address space, the user's address is changing and it becomes more difficult to track it. However, anyone with an access to DNS infrastructure can track user's behavior by his IP address, create a classifier for him and find him again (once the IP address is changed) by the online behavior that conforms with the classifier.

Every user is guided by his interests and preferences when surfing the Internet and each user has his own unique combination of interests and preferences, says the researcher.

Say, a user goes to the Google search engine and then to specific websites he/she frequents: news portals, online stores, state and transport services, this combination of his "interests" will be enough to identify this user when he uses another IP address.

Dominik Herrman tested his theory with an experiment - he researched anonymous data from DNS servers of Regensburg University. By analyzing the behavioral chain of 3800 students during 2 months, he managed to correctly identify 86% of the users. And even with the increase of research volumes (12000 students), the accuracy remained high - 76%.

So how can it influence simple users like us? As it stated in the description of the paper, this behavior-based tracking method "threatens the privacy of Internet users, on the other hand, law enforcement could benefit from this research".

And well, speaking of DNS, as you may know, we have Adguard DNS, and it provides "no logging" privacy policy, which means we don't collect your DNS queries. Which means that this method has no power over you :)

Daria Magdik

Wonder Woman of Adguard family. Daria has impressive multitasking skills, knows secrets of a perfect pitch at international festivals and is always happy to remind you why exactly Adguard is the best!

Subscribe to AdGuard Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!