what is the vector here? dns traffic is practically anonymous, there would have to be some very specific and purposeful trickery going on to link dns traffic to an identity. It sounds like something more hypothetical than a tangible threat model

▲

hirako2000 4 hours ago | parent | next [-]

It isn't anonymous. DNS server resolve, IP addresses by hostnames. It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit.

Since ISP know your identity, and all it takes is to (request and get) the DNS logs and ISP servitude for all sort of questionable information, you as an identity are giving away all sites domains you visit.

	▲	UqWBcuFx6NV4r an hour ago \| parent \| next [-]
		Hi. If your response involves explaining the very very basics of DNS to someone that clearly knows what DNS is, please consider the possibility that you may have misunderstood them instead of lecturing them on the basics of ubiquitous internet technologies.
	▲	sgbeal 3 hours ago \| parent \| prev [-]
		> It cannot then inspect further traffic but it certainly can log your IP address and all URL's a given IP ever hit. Correction: they can log host names/IPs, not URLs. The path of any given URL is part of the HTTP header, invisible to onlookers (assuming HTTP and assuming HTTPS is uncracked).

▲

arvid-lind 3 hours ago | parent | prev [-]

> A Cloudflare Ray ID is an identifier given to every request that goes through Cloudflare.

https://developers.cloudflare.com/fundamentals/reference/clo...

if you think a little creatively about how this information could be used by an organization that was created at the insistence of the United States Department of Homeland Security, then you're on the right track.