zlacker

>>lolind+(OP)
Maybe they need it to route the traffic to the right CDN? That kinda would make sense.

While I'm very privacy conscious, I don't really see the benefit to hiding my region in the DNS request. Because the very next step after the DNS is my browser making a request to their webserver, at which time they will have my actual complete IP anyway.

>>wkat42+s8
eastdakota's original comment covers this. The DNS request isn't encrypted, so anyone with control over the network (upstream ISPs via warrants) can use this information to figure out who is attempting to visit. ("Someone is resolving example.com" is less information than "someone in LA is resolving example.com") Meanwhile, the actual HTTPS connection leaks less information. If the website is hosted on a CDN or cloud provider, then someone monitoring the IP traffic only knows that you're visiting something hosted by that CDN. ("The target is visiting a Cloudflare-hosted site" is less information than "The target is visiting example.com") So, there is a slight information leak by sending the geolocation information.

On the other hand, it's possible this doesn't matter. The client might not encrypt the host it's trying to visit. Nation states can correlate packet timing. So if someone really wants to know, they'll probably figure it out. (This is always a risk with things like Tor. If the government is monitoring your connection and some target website's connection, and you are sending a lot of packets at the same time they're receiving a lot of packets, you can guess who is talking to who.)