Hide and Seek: Revisiting DNS-based User Tracking

Domain name system (DNS) is the address book of the Internet and domain names are queried before almost every network activity. Since the entities like recursive resolvers can monitor users' DNS queries, privacy concerns such as user tracking arise. Though a number of prior works have looked into this issue, they all focus on the closed-world setting, which means that victim users must be known to the adversary. We argue that it does not reflect the adversary's true capabilities. Moreover, there lacks an effective approach to defend against DNS-based user tracking. In this work, we revisit these issues by investigating the attack surface in both open-world and closed-world settings and studying how to protect users. First, we introduce a new tracking mechanism DSCorr which incorporates domain-based word embedding to capture the fine-grained distance between domain names, and automatic threshold generation for fine-tuning the attack outcome. The evaluation result on a real-world DNS dataset shows DSCorr is able to outperform the existing works by a large margin especially in the open-world setting. On the defense side, we develop a system called LDPResolve, which incorporates a recently proposed differential privacy notion ULDP (Utility-optimized Local Differential Privacy) and a new technique named parallel domain resolving, to provide privacy guarantees without damaging the utility of legitimate applications. The evaluation result on the same dataset shows the DNS-based user tracking can be effectively curbed, e.g., tracking accuracy degraded from 93% to 10.1%.