Feature #17138

DNS over HTTPS over tor

Added by sephula 2019-10-09 04:29:30 . Updated 2019-10-09 08:42:03 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

I would like to request this feature be added to TAILS, and there’s no reason to depend on the tor developers to implement it.

Cloudflare has provided handy instructions on how to do this at:
[https://developers.cloudflare.com/1.1.1.1/fun-stuff/dns-over-tor/]

They suggest a method using their own “Cloudflared” tool, but this can also be done with dnscrypt-proxy 2, which also works with Tor, and is available at:
[https://github.com/DNSCrypt/dnscrypt-proxy]

There are many advantages of using Cloudflare’s hidden service DNS resolver, and no known reasons not to. Aside from the added privacy, and safety from not having to trust potentially rogue exit nodes, it would also permit Cloudflare to collect statistics about which websites tor users visit, which would allow them to resolve problems with Tor users being able to access websites hosted on their platform. Lets not forget that any other DNS resolver would also be able to collect this information. Simply using a DNS resolver requires trusting the host. So, there wouldn’t appear to be any increase of risk. To the contrary, knowing that your traffic never leaves the tor network, eliminates the necessity of trusting the exit node. Trusting Cloudflare also makes more sense than trusting Google, IMHO. There is already a method for using this service in Tor Browser, because Firefox allows it, which by-passes the exit node’s settings. However, this does not apply universally to other programs and parts of the OS, and this leaves portions of the attack surface unprotected.

It would seem most appropriate to make this request with the developers of the TAILS distro.

Thank you, for your time and efforts. Please, use my donations to make useful changes.


Subtasks


Related issues

Is duplicate of Tails - Feature #16187: Use DOH (DNS over https) for DNS Rejected 2018-12-04

History

#1 Updated by intrigeri 2019-10-09 08:29:14

  • is duplicate of Feature #16187: Use DOH (DNS over https) for DNS added

#2 Updated by intrigeri 2019-10-09 08:42:03

  • Status changed from New to Confirmed
  • Priority changed from Normal to Low

> I would like to request this feature be added to TAILS, and there’s no reason to depend on the tor developers to implement it.

I’d really like not to diverge from upstream on this front as far as Tor Browser is concerned:

  • It would make Tails users easier to single out. Given Tails users are 1% or so of all Tor users, that seems risky.
  • Important features of Tor Browser, such as FPI (first-party isolation), might be weaken by using a single DNS resolver without per-circuit isolation. We lack the resources to fully analyze this, conclude that it would be safe, and maintain confidence in this conclusion on the long term.

> There are many advantages of using Cloudflare’s hidden service DNS resolver, and no known reasons not to.

Would using DOH for Tails’ global system resolver config (/etc/resolv.conf) weaken https://tails.boum.org/contribute/design/stream_isolation/?

So for now, I’m marking this ticket as confirmed for the research part. If someone has the time & skills to analyze the pros & cons in more depth, it would be great.
Then we can discuss whether the pros outweigh the cons.

At this point, I doubt that the Tails team should invest resources into doing this research or implementing DOH: the benefits I’m aware of seem rather small.