by quit32 2220 days ago
Also worth noting that Cloudflare is a large driving force behind encrypted SNI, which is the last nail in the coffin for putting ISPs in the dark when your average consumer is browsing the net. https://blog.cloudflare.com/encrypted-sni/

Basically, when you connect over HTTPS using TLS 1.2 to a site that is hosted on a shared server or behind a load balancer, your browser must tell it in clear text which host name it is trying to connect to. Encrypted SNI in TLS 1.3 also encrypts this info, such that if you are also using DoH or DNS over TLS to encrypt DNS queries, then the ISP can only see the IP of the server you connect to, which is often going to be a huge cloud provider's load balancer that might serve hundreds or more different sites throughout the day / at the same time.
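The plaintext leak the comment describes can be seen directly in the ClientHello. The example below is added here and is not part of the comment or of Cloudflare's code: it constructs a minimal TLS 1.2 ClientHello record (fixed random, one cipher suite, constructed test data) carrying a server_name extension (RFC 6066), then parses it the way any on-path observer or IDS would, with no key material, to recover the host name. A second variant swaps the plaintext extension for an opaque stand-in for an encrypted name (the ECH extension codepoint 0xfe0d is assumed; its payload is random filler, not a real encrypted inner ClientHello) to show that the same passive parser then learns nothing beyond the destination IP.

```python
import struct
from typing import Optional

SNI_EXTENSION_TYPE = 0x0000        # server_name (RFC 6066)
ECH_EXTENSION_TYPE = 0xFE0D        # encrypted_client_hello codepoint (assumed here)
HANDSHAKE_RECORD = 0x16
CLIENT_HELLO = 0x01


def build_client_hello(server_name: Optional[str], extra_extensions: bytes = b"") -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed test data).

    Only the fields the parser walks are populated; a real browser sends
    many more cipher suites and extensions.
    """
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = struct.pack("!BH", 0, len(host)) + host            # name_type = host_name(0)
        sni_list = struct.pack("!H", len(entry)) + entry            # server_name_list
        extensions += struct.pack("!HH", SNI_EXTENSION_TYPE, len(sni_list)) + sni_list
    extensions += extra_extensions

    body = (
        b"\x03\x03"                                 # client_version: TLS 1.2
        + b"\x11" * 32                              # random (fixed so output is reproducible)
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"        # one cipher suite
        + b"\x01\x00"                               # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = struct.pack("!B", CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE_RECORD, 0x0301, len(handshake)) + handshake


def opaque_ech_extension(payload_len: int = 40) -> bytes:
    """Stand-in for an encrypted-name extension: opaque bytes the observer cannot read."""
    filler = bytes((i * 37 + 11) & 0xFF for i in range(payload_len))   # constructed filler
    return struct.pack("!HH", ECH_EXTENSION_TYPE, len(filler)) + filler


def extract_sni(record: bytes) -> Optional[str]:
    """Return the plaintext host name from a ClientHello record, or None.

    Malformed or truncated input also yields None: a passive monitor must
    never crash on what it sniffs.
    """
    try:
        if record[0] != HANDSHAKE_RECORD:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:
            return None                             # truncated record
        pos = 2 + 32                                # skip client_version and random
        pos += 1 + body[pos]                        # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                        # compression_methods
        if pos + 2 > len(body):
            return None                             # no extensions block at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype != SNI_EXTENSION_TYPE:
                continue                            # ECH/ESNI payloads are opaque to us
            list_end = 2 + struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= list_end:
                name_type, name_len = struct.unpack("!BH", edata[q:q + 3])
                q += 3
                name = edata[q:q + name_len]
                q += name_len
                if name_type == 0:
                    return name.decode("ascii", errors="replace")
        return None
    except (IndexError, struct.error):
        return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("example.com")))                          # example.com
    print(extract_sni(build_client_hello(None, opaque_ech_extension())))           # None
```

Running the block shows the contrast the comment draws: the TLS 1.2-style hello hands the host name to anyone on the path, while the hello carrying only an opaque encrypted-name extension leaves the observer with nothing but the server IP.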