by LethargicStud 2996 days ago
Because privacy is good. There could be countries that could physically harm you for accessing certain sites. This is a good step toward avoiding that.

But said countries could still see what IP addresses you talk to, and do a reverse DNS lookup ...
Reverse IP doesn't necessarily tell you much - especially with the predominance of "shared hosting" (or even Cloudflare-type services). The IP address could potentially be one of 1000 sites, so your ISP shouldn't be able to tell what you're actually looking at (e.g. they have no idea if you're looking at porn, nazis or just reading the local newspaper).

Sadly, SNI destroys most of this privacy, but leaking less shouldn't be a bad thing. There are also other reasons you don't want people intercepting or rewriting your DNS.

> Reverse IP doesn't necessarily tell you much

Yeah, but put some strong emphasis on "necessarily" there.

I don't buy this argument. There are too many situations in which it doesn't apply. It offers a false sense of security.

Lots of edge cases with an extremely large base case -- I'd guess (conservatively) that at least 9 out of 10 sites you go to use shared hosting or a CloudFlare-style CDN.

Also worth noting that an ISP will generally go for the low-hanging fruit, but if your threat model includes a determined opponent then this probably isn't for you.

It's hard to argue that this isn't a net improvement over the status quo, though.