You make a search and then you start clicking through the websites in the results. A lot of browsers also do link prefetching, so even just the fact that you open search results will reveal info about the query because your browser might preemptively resolve DNS for result items.
And likely the OS has the search engine in the DNS cache so each search doesn’t require a DNS query.
Cache doesn't matter, you still have to build up the cache in the first place which will make DNS calls out. The TTL for DNS cache entires is usually pretty short as well at around 5 minutes, so even if you have a cache, your computer will still make DNS calls out periodically at quite a frequent rate. My point is that HTTPS doesn't prevent third parties from snooping on your browsing habits because it does nothing to hide your DNS queries.
Yes your original point was well made. It just wasn't clear yet how DNS requests would leak search queries. So more precisely, multiple DNS requests with local cache misses in a short period of time can be used to infer search queries. Like if there are DNS requests for google, amazon, and a botany supplier one after another, then it could be inferred that you searched for something related to shopping and plants.
You make a search and then you start clicking through the websites in the results. A lot of browsers also do link prefetching, so even just the fact that you open search results will reveal info about the query because your browser might preemptively resolve DNS for result items.
Cache doesn't matter, you still have to build up the cache in the first place which will make DNS calls out. The TTL for DNS cache entires is usually pretty short as well at around 5 minutes, so even if you have a cache, your computer will still make DNS calls out periodically at quite a frequent rate. My point is that HTTPS doesn't prevent third parties from snooping on your browsing habits because it does nothing to hide your DNS queries.
Yes your original point was well made. It just wasn't clear yet how DNS requests would leak search queries. So more precisely, multiple DNS requests with local cache misses in a short period of time can be used to infer search queries. Like if there are DNS requests for google, amazon, and a botany supplier one after another, then it could be inferred that you searched for something related to shopping and plants.
Thanks for the detailed response!