Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services
This research uncovers critical privacy vulnerabilities in Smart DNS services, impacting users who rely on these services to access geofenced content.
This paper investigates Smart DNS (SDNS) services, which enable users to bypass geographic content restrictions. The study reveals several privacy vulnerabilities, including architectural weaknesses that allow content providers to identify SDNS users, and design flaws in some services that permit arbitrary third parties to enumerate users by IP address, even when offline.
Smart DNS (SDNS) services advertise access to "geofenced" content (typically, video streaming sites such as Netflix or Hulu) that is normally inaccessible unless the client is within a prescribed geographic region. SDNS is simple to use and involves no software installation. Instead, it requires only that users modify their DNS settings to point to an SDNS resolver. The SDNS resolver "smartly" identifies geofenced domains and, in lieu of their proper DNS resolutions, returns IP addresses of proxy servers located within the geofence. These servers then transparently proxy traffic between the users and their intended destinations, allowing for the bypass of these geographic restrictions. This paper presents the first academic study of SDNS services. We identify a number of serious and pervasive privacy vulnerabilities that expose information about the users of these systems. These include architectural weaknesses that enable content providers to identify which requesting clients use SDNS. Worse, we identify flaws in the design of some SDNS services that allow {\em any} arbitrary third party to enumerate these services' users (by IP address), even if said users are currently offline. We present mitigation strategies to these attacks that have been adopted by at least one SDNS provider in response to our findings.