zlacker

[return to "Why does 1.1.1.1 not resolve archive.is?"]
1. ggm+N2 2019-10-04 06:10:48
>>stargr+(OP)
ECS is not equivalent to 'send the IP' but is revealing.

The fact that I subsequently connect to another place over HTTP or some other protocol is distinct from telling a DNS authority who is asking a question about a domain name: the article implies "it's the same leakage" but it isn't: different people get told.

◧◩
2. cnst+53 2019-10-04 06:13:43
>>ggm+N2
What's the actual meaningful difference, though? ECS is limited to a /24 anyways, so, it doesn't even reveal the exact IP address in any case.
◧◩◪
3. ggm+R3 2019-10-04 06:24:41
>>cnst+53
That's a good question. How you feel about third parties knowing what endpoints you go to depends on what endpoints you're going to, and why. In some economies, it's hugely informing. In many cases it's explicitly what BI is - to know what you do, and when you do it.

I don't have a good sense of this, but people I trust say a surprisingly small collection of information identifies you to a specific level. The same /24 is only 255 people if there isn't a CGN. More to the point, if your /24 identifies your economy, you're now subject to IPR limits and can be told different things.

So some ECS objection is rooted in opposition to regional IPR. Netflix. Sub-optimal CDN delivery (to one person) is wall avoidance (to another).

◧◩◪◨
4. cnst+16 2019-10-04 06:57:18
>>ggm+R3
What exactly do you use DNS for? Most folks use it to resolve a domain name so that they can make HTTP and/or HTTPS requests from the very same IP address over the very same internet connection. Surprise: these subsequent HTTP/HTTPS requests would have your complete identifying information down to the very specific /32 IPv4 or /128 IPv6 address uniquely assigned to yourself.

So, in reality, the extra privacy gained from not doing ECS is hardly something with a measurable effect, because this information HAS to leak in any case. Even if you make DNS encrypted, even if you employ encrypting TLSv1.3 SNI, the IP addresses will still leak, and with a much higher precision anyways. So, this we-don't-do-ECS-because-privacy is a rather pointless statement in the end.

◧◩◪◨⬒
5. rvnx+K8 2019-10-04 07:36:05
>>cnst+16
+1 @cnst, what privacy concerns are you all afraid of with ECS? archive.is will get informed that someone around IP range A.B.x.x tries to reach its website, just a few seconds later to see a connection from A.B.C.D.

The main reason that Cloudflare wouldn't share this info is to prevent competitors like Akamai from operating a CDN as good as them. It looks more like sabotaging competition than increasing privacy.

◧◩◪◨⬒⬓
6. FDSGSG+i9 2019-10-04 07:43:37
>>rvnx+K8
In practice this is one of the most common techniques used to deanonymize proxy users.