this post was submitted on 06 Oct 2024
734 points (90.8% liked)

Technology

58699 readers
5597 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
734
What the hell Proton! (r.nf)
submitted 1 week ago by [email protected] to c/technology
266 comments fedilink hide all child comments
 

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 week ago (3 children)

What about DoH/DoT which comes enabled by default in some browsers I believe? This should "hide" your activity from isp/router as well, shouldn't it?

[–] [email protected] 9 points 1 week ago

The ISP will always know the IP you're connecting to. Encrypted DNS might get you slightly more privacy for sites using shared IPs like with Cloudflare. But in a lot of cases, there's only 1 website per IP, so the ISP still knows where you're browsing. A VPN solves this by routing all traffic through the VPNs IP first. But you can still be tracked just the same by the VPN and to an extent, the VPNs ISP.

[–] [email protected] 5 points 1 week ago

DoH & DoT still leak the domain name (and of course IP address) you're connecting to. The domain name leak can be solved by Encrypted Client Hello but that's still a draft and not turned on for many servers.

[–] [email protected] 2 points 1 week ago (1 children)

Yes and no.

Modern HTTPS connections send the URL you are connecting to in the initial hello, so the remote webserver knows what security certificate to use when you connect. A lot of web servers host multiple sites, especially for smaller webpages, and so it doesn't assume that since you connected to that specific webserver, that you're connecting to the site that the webserver is hosting, even if it's only hosting a single site.

This can leak the data to anyone sniffing the traffic.

You can also determine some traffic by IP address, this is for larger web services like Facebook, youtube and other sites of similar size. They load balance groups of IPs for their traffic, all are serving the same data. So if you connect to an IP that's owned by Facebook, for example, then your actions can be easily derived.

Since the connection is still secured by TLS, the content can't be deciphered, but the location you are going to absolutely can.

It really depends on a lot of factors.

[–] [email protected] 2 points 1 week ago

Ok, thank you and all the others for explanation.