undefined | Better HN

0 pointsautoexec6y ago0 comments

Unless you're connected to a VPN 100% of the time wouldn't your ISP already have access to see every domain you browse to?

0 comments

icebraining6y ago

They do via the SNI header, but Firefox already includes support for encrypted SNI. So if the server supports that, all the ISP gets is the IP of the server you're connecting to. If that IP only hosts a single domain, then they can still tell, but in other cases (think sites behind Cloudflare, or using shared load balancers), they can't.

Or actually, they might still, using side-channel attacks, but it's significantly harder to accomplish, especially at scale.

j / k navigate · click thread line to collapse

0 pointsautoexec6y ago0 comments

Unless you're connected to a VPN 100% of the time wouldn't your ISP already have access to see every domain you browse to?

0 comments

icebraining6y ago

Or actually, they might still, using side-channel attacks, but it's significantly harder to accomplish, especially at scale.

j / k navigate · click thread line to collapse