Rahel A. Fainchtein
ABSTRACT
Smart DNS (SDNS) services enable their users to avoid geographic restrictions to content (i.e., geoblocking) with minimal internet quality of service overhead. While previous research has shown that usage of SDNS has numerous associated privacy risks, the security and privacy perceptions of users of SDNS are unexplored. In this paper, we perform a survey of n = 63 SDNS users, finding that many have limited understandings both of how these systems work and their overall security/privacy properties. As a result, many users put undue trust in purveyors of SDNS services and in the security they provide.
- Sadia Afroz, Michael Carl Tschantz, Shaarif Sajid, Shoaib Asif Qazi, Mobin Javed, and Vern Paxson. 2018. Exploring Server-side Blocking of Regions. arXiv preprint arXiv:1805.11606(2018).Google Scholar
- Alessandro Acquisti and Jens Grossklags. 2005. Privacy and rationality in individual decision making. IEEE Security Privacy 3, 1 (2005), 26–33.Google ScholarDigital Library
- Allison McDonald, Matthew Bernhardand Luke Valenta, Benjamin VanderSloot, Will Scott, Nick Sullivan, J. Alex Halderman, and Roya Ensafi. 2018. 403 Forbidden: A Global View of CDN Geoblocking. In Proceedings of the Internet Measurement Conference (IMC).Google ScholarDigital Library
- S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, and T. Wright. 2003. Transport Layer Security (TLS) Extensions. RFC 3546. Internet Engineering Task Force.Google Scholar
- Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. In USENIX Security Symposium (USENIX).Google ScholarCross Ref
- ExpressVPN. 2022. Get Started with 5 Awesome Ways to Use ExpressVPN. https://www.expressvpn.com/get-started.Google Scholar
- Rahel A. Fainchtein, Adam J. Aviv, and Micah Sherr. 2022. User Perceptions of the Privacy and Usability of Smart DNS: Codebook and Other Artifacts. https://github.com/GUSecLab/smartdns-study/blob/main/analysis/qualitative_analysis/codebook.pdf.Google Scholar
- Rahel A. Fainchtein, Adam J. Aviv, Micah Sherr, Stephen Ribaudo, and Armaan Khullar. 2021. Holes in the Geofence: Privacy Vulnerabilities in “Smart” DNS Services. Proceedings on Privacy Enhancing Technologies (PoPETS) (2021).Google Scholar
- Kevin Gallagher, Sameer Patil, and Nasir Memon. 2017. New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network. In Symposium on Usable Privacy and Security (SOUPS).Google Scholar
- Gambino, Andrew and Kim, Jinyoung and Sundar, S. Shyam and Ge, Jun and Rosson, Mary Beth. 2016. User Disbelief in Privacy Paradox: Heuristics That Determine Disclosure. In Conference Extended Abstracts on Human Factors in Computing (CHI).Google Scholar
- Gueye Bamba, Arthur Zivani, Mark Crovella, and Serge Fdida. 2004. Constraint based Geolocation of Internet Hosts. In Internet Measurement Conference (IMC).Google Scholar
- HideIPVPN. 2021. What Is Smart DNS? (How Does Smart DNS Work?). https://www.hideipvpn.com/learning-center/what-is-smart-dns-how-does-smart-dns-work/.Google Scholar
- P. Hoffman and P. McManus. 2018. DNS Queries over HTTPS (DoH). RFC 8484. Internet Engineering Task Force.Google Scholar
- Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, and P. Hoffman. 2016. Specification for DNS over Transport Layer Security (TLS). RFC 7858. Internet Engineering Task Force.Google Scholar
- Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. “...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices. In Symposium On Usable Privacy and Security (SOUPS).Google Scholar
- Josh. 2022. SmartDNS | What Is It and How do You Set it Up? (2022 Guide). All Things Secured. Available at https://www.allthingssecured.com/vpn/faq/what-is-smartdns/.Google Scholar
- Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. “My Data Just Goes Everywhere”: User Mental Models of the Internet and Implications for Privacy and Security. In Symposium On Usable Privacy and Security (SOUPS).Google Scholar
- Mohammad Taha Khan, Joe DeBlasio, Chris Kanich, Geoffrey M. Voelker, Alex C. Snoeren, and Narseo Vallina-Rodriguez. 2018. An Empirical Analysis of the Commercial VPN Ecosystem. In ACM SIGCOMM Conference on Internet Measurement (IMC).Google Scholar
- Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Damon McCoy, Vern Paxson, and Steven J Murdoch. 2016. Do You See What I See? Differential Treatment of Anonymous Users. In Network and Distributed System Security Symposium (NDSS).Google Scholar
- [20] Martynas Klimas.2021. https://surfshark.com/blog/smart-dns-vs-vpn.Google Scholar
- Laki, Sándor and Mátray, Péter and Hága, Péter and Sebők, Tamás and Csabai, István and Vattay, Gábor. 2011. Spotter: A Model Based Active Geolocation Service. In International Conference on Computer Communications (INFOCOM).Google Scholar
- Tim Morcan. 2019. What Is Smart DNS Tech & How Does Smart DNS Work?https://www.cactusvpn.com/beginners-guide-to-smart-dns/what-is-smart-dns/#legality.Google Scholar
- Muir, James A. and Oorschot, Paul C. Van. 2009. Internet Geolocation: Evasion and Counterevasion. Comput. Surveys 42, 1 (December 2009).Google ScholarDigital Library
- Moses Namara, Daricia Wilkinson, Kelly Caine, and Bart P Knijnenburg. 2020. Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology. Proceedings on Privacy Enhancing Technologies (PoPETS) 2020, 1(2020), 83–102.Google ScholarCross Ref
- NordVPN. 2022. NordVPN. https://nordvpn.com/.Google Scholar
- Ingmar Poese, Steve Uhlig, Mohamed Ali Kaafar, Benoit Donnet, and Bamba Gueye. 2011. IP Geolocation Databases: Unreliable?ACM SIGCOMM Computer Communication Review 41, 2 (April 2011), 53–56.Google ScholarDigital Library
- Rick Wash and Emilee Rader. 2015. Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users. In Symposium on Usable Privacy and Security (SOUPS).Google Scholar
- Scott Ruoti and Tyler Monson and Justin Wu and Daniel Zappala and Kent Seamons. 2017. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture. In Symposium on Usable Privacy and Security (SOUPS).Google Scholar
- Rachee Singh, Rishab Nithyanand, Sadia Afroz, Paul Pearce, Michael Carl Tschantz, Phillipa Gill, and Vern Paxson. 2017. Characterizing the Nature and Dynamics of Exit Blocking. In USENIX Security Symposium (USENIX).Google Scholar
- StrongVPN. 2022. Why Do I Need a VPN? | StrongVPN. https://strongvpn.com/vpn-uses/.Google Scholar
- S. Shyam Sundar. 2008. The MAIN Model: A Heuristic Approach to Understanding Technology Effects on Credibility. The MIT Press, 72––100.Google Scholar
- Marketa Trimble. 2012. The Future of Cybertravel: Legal Implications of the Evasion of Geolocation. Fordham Intellectual Property, Media & Entertainment Law Journal 22 (April 2012).Google Scholar
- Marketa Trimble. 2021. A New CJEU Judgment on Copyright-Related Geoblocking – One Step Forward or One Step Back in the EU Commission’s Fight Against Geoblocking? (Guest Blog Post) in Technology & Marketing Law Blog. https://blog.ericgoldman.org/archives/2021/01/a-new-cjeu-judgment-on-copyright-related-geoblocking-one-step-forward-or-one-step-back-in-the-eu-commissions-fight-against-geoblocking-guest-blog-post.htm.Google Scholar
- Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. 2018. How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation. In ACM SIGCOMM Conference on Internet Measurement (IMC).Google ScholarDigital Library
- Bernard Wong, Ivan Stoyanov, and Emin Gün Sirer. 2007. Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts. In USENIX Symposium on Networked Systems Design and Implementation (NSDI).Google Scholar
- Zhao Zhang, Tavish Vaidya, Kartik Subramanian, Wenchao Zhou, and Micah Sherr. 2020. Ephemeral Exit Bridges for. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).Google Scholar
- Zhao Zhang, Wenchao Zhou, and Micah Sherr. 2020. Bypassing Exit Blocking with Exit Bridge Onion Services. In ACM Conference on Computer and Communications Security (CCS).Google Scholar
Index Terms
- User Perceptions of the Privacy and Usability of Smart DNS
Recommendations
User Perceptions of Smart Home IoT Privacy
Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart ...
Extending layered privacy language to support privacy icons for a personal privacy policy user interface
HCI '18: Proceedings of the 32nd International BCS Human Computer Interaction ConferenceThe LPL Personal Privacy Policy User Interface (LPL PPP UI) is designed to allow for informed and free consent. An extension for the Layered Privacy Language and the Privacy Icons Overview is introduced here. The capabilities of the LPL PPP UI consist ...
Perceptions and reactions to conversational privacy initiated by a conversational user interface
AbstractIn 2019, media reports raised awareness about privacy and security violations in Conversational User Interfaces (CUI) like Alexa, Siri and Google. Users report that they perceive CUI as creepy and that they are concerned about their ...
Highlights- Some privacy messages significantly improve privacy and security perceptions.
- ...
Comments