undefined | Better HN

0 pointsfriendly_chap6y ago0 comments

I do believe the url path is visible even over HTTPS. Off to do some research on this.

Edit: apparently the url is not visible, but the domain (more like IP, which can be easily resolved to domain).

Same thing still applies, perhaps not with reddit subreddits, but with specific domains/websites.

0 comments

With ordinary DNS you are asking in plain text hey, what's the IP address for reddit.com and it does not take a genius to guess that's because you're visiting reddit.com

With HTTPS using TLS 1.2 or earlier the site sends its certificate in plaintext too, so even if you just remember the IP address, it will tell anybody snooping "Hi, this is reddit.com".

In TLS 1.3 the site's certificate is encrypted. However the SNI, which is used to make virtual hosting work, is not encrypted. So your ISP can see where you said you were going, but not whether they proved they were the real deal.

DPRIVE such as DNS over HTTPS cures the first thing, you use an encrypted transport to do DNS queries against somebody trustworthy who won't rat you out.

eSNI (encrypted SNI) is intended to one day cure the other problem.

Even with both these, seeing that you visited a very popular system like Facebook or Reddit is always going to be easy. So Tor remains important.

j / k navigate · click thread line to collapse