Oddbean new post about | logout
dzcode | 4 months ago (raw) | root | parent | reply | flag 
 I'm not sure there's any downside with the DNS option, as you have to do anyway a DNS resolution also in the HTTPS option.
provoost | 4 months ago (raw) | root | parent | reply | flag +7 
 Assuming it's a shared domain, then by querying for the sjors@ TXT record I'm revealing that (to e.g. Google if doing dns over http).

Whereas with https I'm only revealing the domain at the dns level. But then the server knows exactly what I asked for.
dzcode | 4 months ago (raw) | root | parent | reply | flag +3 
 Yes, that's true for a shared domain, yes.
The TXT record points out directly to the final user. True.

On the other hand, DNS architecture allows the user to hide behind a DNS recursive server (from the ISP, institution, DoH providers, etc), whereas it's easier to leak your final IP to the HTTPS server (if you don't user a webproxy).

Different privacy compromises, I guess.