Why is using wildcard for anonymized DNS suboptimal from a privacy perspective? #2279
Hello! The wiki states in the "anonymized dns" section: "When using wildcards, dnscrypt-proxy tries to choose relays so that they are not on the same network as the servers they relay to. However, this is very likely to be suboptimal from a performance and privacy perspective. A manual selection is always preferred." So a relay that is not on the same network as the servers they relay to, and a different relay every time dnscrypt-proxy is started, this seems very handy to me, especially from a privacy perspective. Why is it, then, that you actually consider it suboptimal? In issue #1553 the same question was asked, but that one was closed without a plausible answer, so please allow me to restate it.
Replies: 1 comment
Having a relay and a server on different networks doesn't mean that they aren't run by the same entity, or by partners sharing data, or that they don't depend on the same jurisdiction.

People don't have the same expectations. I would be perfectly fine trusting two OVH servers on the same network, assigned to different customers. I would not with some other cloud providers. Other people would only trust relays and servers from different sets of countries.

So, automation just based on IP addresses cannot reliably take decisions for you. The configuration assumes that users are smart and know what they need instead of taking decisions for them that are not purely technical.

On the performance side, the route and latency from a client to a resolver is not the same as the route from a relay to the same resolver (and that route is not known by clients). Finding the resolver+relay that overall produces the lowest median latency is hard. A small neural network may help, but given the reasons described above, taking a privacy-relevant decision just based on latency may not be ideal.
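The point made in the reply, as an added example that is not part of the discussion or of dnscrypt-proxy: an IP-only check and a user's own trust policy can disagree in both directions. The inventory, the /24 comparison standing in for "not on the same network", and the operator/jurisdiction policy are all assumptions made for illustration.

```python
import ipaddress

# Constructed inventory: every name, address, operator and jurisdiction is made up.
# Addresses are from the RFC 5737 documentation ranges.
SERVERS = {
    "example-server-a": ("192.0.2.10", "org-1", "AA"),
    "example-server-b": ("198.51.100.20", "org-2", "BB"),
}
RELAYS = {
    "anon-example-1": ("203.0.113.5", "org-1", "CC"),
    "anon-example-2": ("203.0.113.77", "org-3", "BB"),
    "anon-example-3": ("192.0.2.200", "org-4", "CC"),
}

def heuristic_ok(server, relay, prefix=24):
    """IP-only check (assumed stand-in): accept if the hosts are in different /24s."""
    net = ipaddress.ip_network(f"{SERVERS[server][0]}/{prefix}", strict=False)
    return ipaddress.ip_address(RELAYS[relay][0]) not in net

def policy_ok(server, relay):
    """One user's policy (assumed): different operator and different jurisdiction."""
    _, s_op, s_jur = SERVERS[server]
    _, r_op, r_jur = RELAYS[relay]
    return s_op != r_op and s_jur != r_jur

def disagreements():
    """Pairs where the IP-only check and the user's policy reach opposite verdicts."""
    return [(s, r) for s in SERVERS for r in RELAYS
            if heuristic_ok(s, r) != policy_ok(s, r)]

def manual_routes():
    """dnscrypt-proxy `routes` entries built only from policy-approved relays."""
    lines = []
    for s in SERVERS:
        via = ", ".join(f"'{r}'" for r in RELAYS if policy_ok(s, r))
        lines.append(f"{{ server_name='{s}', via=[{via}] }}")
    return lines

if __name__ == "__main__":
    for s, r in disagreements():
        print(f"{s} via {r}: ip-only={heuristic_ok(s, r)} policy={policy_ok(s, r)}")
    print("routes = [\n    " + ",\n    ".join(manual_routes()) + "\n]")
```

The operator and jurisdiction columns are exactly the information the proxy cannot derive from addresses, which is why the resulting `routes` list has to come from the user.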