[ViViDboarder]

Because DNS is still largely unencrypted. Nation state actors can read that information and map who is making requests for what domains.

It’s not so much a concern of the site host from getting the users IP, because the user is presumably going to visit it. This is an issue with Archive.is because they host their own DNS, not their web server.

[saurik]

I am sorry, can you explain this to me step by step? My computer makes a DNS request through Cloudflare, which forwards a request to archive.is's DNS server which is apparently going out of its way to carefully prevent anyone from figuring out that I wanted to access archive.is... and then my computer ruins all of that by making a direct connection to archive.is's web server. If you are a "nationstate actor" able to randomly sniff traffic in various places, the DNS request doesn't seem to add any value over the web request. What is the actual attack? Be more specific.

[kenmacd]

The IP you connect to could host 1000 sites. Leaking which one you're actually accessing could be important.