• DavidGarcia@feddit.nl · +7 · 1 year ago

    Interesting, I didn’t even know SNI was a thing. But ISPs etc. could still reverse lookup the IP I’m connecting to, right? Only in the case where IPs don’t 1:1 map to domain names does this actually increase privacy, right?

    • Darkassassin07 · +6 · 1 year ago

      With services like Cloudflare’s WAF for things like DDoS protection becoming more prevalent, the connection from the client would first pass through a shared IP before being proxied to the actual server.

      So: yes, but IPs and domains quite often don’t map 1:1, increasingly so.

    • 👁️👄👁️@lemm.ee · +6 · 1 year ago

      For the most part yeah, but with limited IPv4, there can be multiple servers that share the same IP separated under a NAT. Definitely don’t assume you’re anonymous though. If it was IPv6 then it’d be a 1:1 map to a specific domain.

      • Dave@lemmy.nz · +5 / -1 · 1 year ago

        If it was IPv6 then it’d be a 1:1 map to a specific domain.

        I’m not sure this is (always) true.

        I might rent a VPN, and that VPN may have an IPv6 address. But I could host a dozen services on it, behind a reverse proxy, and there would still only be one IP.

        • 👁️👄👁️@lemm.ee · +4 / -1 · 1 year ago

          I think you misunderstand. I’m not talking about a single server hosting multiple servers. I’m talking about how your whole neighborhood could share the same IPv4 address from your ISP because of NAT. Proxies have nothing to do with NATs.

          • 4am@lemm.ee · +4 · 1 year ago

            You should specify that you mean CGNAT, which is different from regular NAT and works at the WAN level.

            Also, your ISP does the routing and translation for CGNAT, so they can still see exactly what everyone is doing (by necessity - they need to route your packets!)

            So this helps even in the case of CGNAT, and they will only know the destination IP of your traffic.

          • Dave@lemmy.nz · +3 · 1 year ago

            But in this case, the ISP already knows who you are within the CG-NAT because they run it. I’m confused as to how this is relevant to a comment about servers sharing an IP address.

              • Dave@lemmy.nz · +5 · 1 year ago

                The new protocol discussed in this post is about privacy in transit, not about protecting yourself from the server you are connecting to, so I got very confused.
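As an added example (not code from any commenter in this thread), the following Python builds a constructed TLS ClientHello and pulls the plaintext SNI out of it, which is the field an on-path observer such as an ISP reads today without any reverse lookup of the destination IP. Assuming the "new protocol" the thread refers to is TLS Encrypted Client Hello, the same parser run on an ECH outer ClientHello would only return the public name of the shared front, which is why shared IPs matter for the privacy gain discussed above. All bytes here are constructed, not a capture.

```python
import struct

SNI_EXT = 0x0000  # server_name extension type (RFC 6066)


def build_client_hello(hostname):
    """Build a minimal ClientHello record (constructed sample, not a real capture)."""
    body = b"\x03\x03" + b"\x11" * 32        # legacy version + random (constructed filler)
    body += b"\x00"                          # empty session_id
    body += b"\x00\x02" + b"\x13\x01"        # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                      # one compression method: null
    exts = b""
    if hostname is not None:                 # None -> no SNI extension at all
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        lst = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SNI_EXT, len(lst)) + lst
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # TLS record header


def extract_sni(record):
    """Return the plaintext SNI hostname from a ClientHello record, or None if absent.

    This is what a passive observer (ISP, middlebox, IDS) can read off the wire.
    """
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                    # not a handshake/ClientHello record
    pos = 9 + 2 + 32                                   # record + handshake headers, version, random
    pos += 1 + record[pos]                             # skip session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # skip cipher_suites
    pos += 1 + record[pos]                             # skip compression_methods
    if pos + 2 > len(record):
        return None                                    # no extensions block present
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if etype == SNI_EXT and elen >= 5:             # list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack_from("!H", record, pos + 3)[0]
            return record[pos + 5 : pos + 5 + name_len].decode("ascii", "replace")
        pos += elen                                    # skip unrelated extensions
    return None
```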

  • nebula · +1 · 1 year ago

    No mention of whether it works with DoT. Would much prefer Firefox keeping first-party support for DoT as much as DoH. Ad/malware blocking becomes a nightmare with DoH.