Abstract. Reliable network demographics are quickly becoming a much sought-after digital commodity. However, as the need for more refined Internet demographics has grown, so too has the tension between privacy and utility. Unfortunately, current techniques lean too much in favor of functional requirements over protecting the privacy of users. For example, the most prominent proposals for measuring the relative popularity of a website depend on the deployment of client-side measurement agents that are generally perceived as infringing on users' privacy, thereby limiting their wide scale adoption. Moreover, the client-side nature of these techniques also makes them susceptible to various manipulation tactics that undermine the integrity of their results. In this paper, we propose a new estimation technique that uses DNS cache probing to infer the density of clients accessing a given service. Compared to earlier techniques, our scheme is less invasive as it does not reveal user-specific traits, and is more robust against manipulation. We demonstrate the flexibility of our approach through two important security applications. First, we illustrate how our scheme can be used as a lightweight technique for measuring and verifying the relative popularity rank of different websites. Second, using data from several hundred botnets, we apply our technique to indirectly measure the infected population of this increasing Internet phenomenon.