Open emlimap opened 3 years ago
An other way to preserve anonymity would be simply to proxy the DNS requests through tor.
It does not appear that the proxy service designed for Cloudflare DNS can be used for other DoH service providers at this time.
Besides, I think individual users can simply use a proxy or VPN to access DoH to get similar privacy protection.
It means you never support ODoH?
@ameshkov
What is the status of this? shouldn't be hard and is a very interesting feature
Still planning this on v0.109.0 so don't expect it soon, we have a lot of things to do yet.
Apple, Cloudflare & Fastly together have come up with something called oblivious DoH. This is to decouple a single provider knowing both the DNS query and user's IP when using DoH thereby increasing user's privacy
The way it works is you connect to a proxy which in turn forwards the query to DNS resolver. This way proxy would know the user's IP address but not the query and DNS resolver would know the query but not user IP.
This seems similar to anonymized DNScrypt https://github.com/AdguardTeam/AdGuardHome/issues/1226. Also, this doesn't prevent both proxy & DNS resolver colluding to de-anonymize users. Cloudflare have acknowledged this in their post.
Cloudflare's post on this: https://blog.cloudflare.com/oblivious-dns/ IETF Draft: https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-03
Cloudflare has a Go library for oDOH https://github.com/cloudflare/odoh-go/