this post was submitted on 05 Oct 2023
285 points (98.0% liked)

Firefox

17301 readers
503 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
[email protected]
285
Say (an encrypted) hello to a more private internet. | The Mozilla Blog (blog.mozilla.org)
submitted 10 months ago by [email protected] to c/[email protected]
28 comments fedilink hide all child comments
 

r/privacy

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 10 months ago (11 children)

If a packet is traversing an ISP's network the ISP should have to know where it is coming from and where it is going, right? So even if you "encrypt the first hello" packet, the ISP would still know where it was routed, right?

I'll freely admit I have only a very basic (and likely outdated) understanding of IP networking, but I don't see how this protects my browsing habits from my ISP. Even if they can't understand my "hello" to lemmy.ml, they still know I'm talking to lemmy.ml's IP address about something.

What am I missing?

[–] [email protected] 7 points 10 months ago (2 children)

If I understand correctly, someone other than your ISP could see the name of the website, since it isn't encrypted. I think it would bounce through several servers that could possibly read the data.

[–] SquigglyEmpire 5 points 10 months ago (1 children)

This makes it so that your ISP doesn't see the actual name of the server/site you're communicating with, only the IP address. Without Encrypted Hello they're able to see both.

[–] [email protected] 5 points 10 months ago (1 children)

I would think that an IP address tells you the domain name by doing a simple DNS lookup.

[–] SquigglyEmpire 6 points 10 months ago* (last edited 10 months ago)

In many cases you can, but there's never a guarantee that a given IP address will have reverse DNS records configured for resolve it into. On top of that, if it's a major site it's likely hosted behind a content delivery network that may a share a single IP address across thousands or even millions of completely unrelated servers. Cloudflare does some pretty interesting stuff with that approach: https://blog.cloudflare.com/cloudflare-servers-dont-own-ips-anymore/ edit: bad at typing

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

Cloudflare fronts much of the internet, so all your ISP would see is that you connect to cloudflare, not which site you actually connect to.

In fact this was a big reason cloudflare and Amazon were angry with the signal foundation, for using domain front running, using the same trick in fascist countries to still be able to talk to signal servers

load more comments (8 replies)