Does domain name encryption increase users' privacy?
ACM SIGCOMM Computer Communication Review (IF 2.2), Pub Date: 2020-07-22, DOI: 10.1145/3411740.3411743
Martino Trevisan 1 , Francesca Soro 1 , Marco Mellia 1 , Idilio Drago 2 , Ricardo Morla 3

Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users' traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.

Updated: 2020-07-22