by ziegeer 2542 days ago
An IP address is not always as telling as the DNS name of what you're connecting to. E.g. I may be connecting to a CDN like CloudFlare for content over HTTPS and my ISP will have no idea what I'm doing. But if I used the DNS name that refers to that content it would likely be more obvious in many cases.
2 comments

ISPs can sniff the hostname from the HTTPS Server Name Indicator (SNI) headers because they are transmitted in the clear.

The next step will be to deploy the TLS 1.3 Encrypted Server Name Indicator (ESNI)[1].

[1]: https://tools.ietf.org/html/draft-ietf-tls-esni-03

AMP, Facebook groups, WordPress.com sites, shared hosting, download sites etc.

Thinking this is a step backwards is pretty naive.