What Can You Learn from an IP?

The Internet was not designed with security in mind. A number of recent protocols such as Encrypted DNS, HTTPS, etc. target encrypting critical parts of the web architecture, which can otherwise be exploited by eavesdroppers to infer users' data. But encryption may not necessarily guarantee privacy, especially when it comes to metadata. Emerging standards can protect the contents of both DNS queries and the TLS SNI extensions; however, it might still be possible to determine which websites users are visiting by simply looking at the destination IP addresses on the traffic originating from users' devices. We perform a measurement study to determine the anonymity provided by IP addresses resulting from the multiple sub-queries that are made as a consequence of accessing a particular web page. We show that, in most cases, an adversary can use the IP addresses during a page load as a form of a fingerprint to infer the original site identity.