Just try one of the akamai endpoints to test it. (E.g media.steampowered.com)
For me 1.1.1.1 serves akamai singapore IPs, while 8.8.8.8 serves IPs of my ISPs akamai cache in Sri Lanka.
If your ISP has a bad route to 1.1.1.1, this just gets worse.
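To make concrete what the ECS option being compared here actually carries on the wire, the following added example (not code from any commenter, nor from Cloudflare or Google) encodes and decodes an RFC 7871 Client Subnet option and wraps it in a minimal A query; the query name and resolver address are assumptions, and the client address is a constructed documentation-range value.

```python
import ipaddress
import socket
import struct

ECS_OPTION_CODE = 8  # RFC 7871 EDNS Client Subnet option code

def encode_ecs(address: str, source_prefix: int, scope_prefix: int = 0) -> bytes:
    """Build one ECS option (code, length, family, prefixes, truncated address)."""
    ip = ipaddress.ip_address(address)
    family, max_bits = (1, 32) if ip.version == 4 else (2, 128)
    if not 0 <= source_prefix <= max_bits:
        raise ValueError("source prefix length out of range for this family")
    # RFC 7871: only ceil(prefix/8) address bytes are sent and bits past the prefix are
    # zeroed, so a resolver forwarding a /24 or /56 never reveals the full client IP.
    net = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    addr = net.network_address.packed[: (source_prefix + 7) // 8]
    payload = struct.pack("!HBB", family, source_prefix, scope_prefix) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload

def decode_ecs(option: bytes):
    """Parse an ECS option back into (address, source_prefix, scope_prefix)."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"not an ECS option (code {code})")
    payload = option[4:4 + length]
    family, src, scope = struct.unpack("!HBB", payload[:4])
    full_len = 4 if family == 1 else 16
    addr = payload[4:].ljust(full_len, b"\x00")  # restore the zeroed tail
    return str(ipaddress.ip_address(addr)), src, scope

def build_a_query(qname: str, ecs_option: bytes, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: header, one A/IN question, one OPT RR carrying the ECS option."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, qd=1, ar=1
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.strip(".").split("."))
    question += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    # OPT RR (RFC 6891): root name, TYPE 41, UDP size in CLASS field, TTL=0, RDATA=options
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(ecs_option)) + ecs_option
    return header + question + opt

def send_query(packet: bytes, resolver: str = "8.8.8.8", timeout: float = 3.0) -> bytes:
    """Send the packet over UDP and return the raw response (resolver is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (resolver, 53))
        return s.recv(4096)

if __name__ == "__main__":
    # Constructed sample: a /24 from the documentation range, never a real client.
    opt = encode_ecs("192.0.2.77", 24)
    print(opt.hex(), decode_ecs(opt), len(build_a_query("media.steampowered.com", opt)))
```

Comparing the A records returned with and without the OPT RR from the same resolver is the quickest way to see whether a given authoritative server honours ECS at all.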
Here's an interesting thought — if it's so bad for privacy and isn't necessary for a CDN, does Cloudflare the CDN simply disregard ECS when receiving requests from DNS.Google, or do they take it into account?
For the lazy like me: robustness principle, aka Postel's law
https://en.wikipedia.org/wiki/Robustness_principle
Thank you for the reference. I learned something today!
If archive.is thinks that Internet standards should be adopted so quickly, it's weird that they don't support IPv6 considering it's been a standard since 1998!
Obviously I'm kidding, but only kind of. When it comes to insisting on adopting new standards, edns-client-subnet is a weird hill to die on, especially considering it was always meant to be optional.
> does Cloudflare the CDN simply disregard ECS when receiving requests from DNS.Google, or do they take it into account?
I don't think they have a reason to use it because they use TCP anycast. Looking at https://cachecheck.opendns.com/ they seem to return the same IPs regardless of geography.
> A flaw can become entrenched as a de facto standard. Any implementation of the protocol is required to replicate the aberrant behavior, or it is not interoperable. This is both a consequence of applying Postel's advice, and a product of a natural reluctance to avoid fatal error conditions.
[0] https://tools.ietf.org/html/draft-iab-protocol-maintenance-0...
You can only hold companies accountable for the laws and explicit written promises and legally binding agreements.
Currently the price companies pay for privacy violations is low. If a company like Cloudflare writes down all the privacy promises in a legally binding manner and puts themselves into legal and financial liability that is above the norm for breaking the contract intentionally, it can increase trust.
Companies can do much more than they do now. They can put explicit bounties on whistleblowing on them and revealing privacy violations. They can hire trusted third parties to do privacy audits and handle whistleblowing.
* https://news.ycombinator.com/item?id=21071022
Likewise for 1.1.1.1 — when taking into consideration the local caching appliances that the ISPs have invested in, the lack of ECS would make the clients go all the way through the internet for the same content that's already cached locally by the ISP for users of all other decent resolvers — this will only contribute to increased costs for the individual ISPs, extra latency for users, and more competitive advantage of your products due to you diminishing the technological advantages of your competitors, without regard to the actual user experience of the users, or the reliability and scaling of the internet infrastructure at large.
Not to mention that such Netflix/YouTube usage, when going directly through transit providers and through the whole internet, would also subject the users to a greater chance of surveillance at large compared to users of resolvers that would access local copies on the caching appliance.
https://randysrandom.com/wp-content/uploads/right-wrong.jpg
Neither answer may look technically wrong, but only one reflects what is actually happening here. That we don't know which exactly based on that specific data doesn't mean that both are equally valid.
This statement is based upon a terrible misunderstanding of Postel's robustness principle. I knew Jon Postel. He was quite unhappy with how his robustness principle was abused to cover up non-compliant behavior, and to criticize compliant software.
Jon's principle could perhaps be more accurately stated as "in general, only a subset of a protocol is actually used in real life. So, you should be conservative and only generate that subset. However, you should also be liberal and accept everything that the protocol permits, even if it appears that nobody will ever use it."
* https://groups.google.com/d/msg/comp.mail.pine/E5ojND1L4u8/i...
Further discussion on the topic:
> Archive.is does not block all requests lacking EDNS. They specifically block requests coming from Cloudflare's datacenters.
https://twitter.com/archiveis/status/1018691421182791680
> Absence of EDNS and massive mismatch (not only on AS/Country, but even on the continent level) of where DNS and related HTTP requests come from causes so many troubles so I consider EDNS-less requests from Cloudflare as invalid.
Looks like they are. https://blog.cloudflare.com/announcing-1111/
Of course, in that case you can't put surprising terms into the agreement if they are disadvantageous to the user. Courts don't see that a meeting of the minds took place. https://en.wikipedia.org/wiki/Meeting_of_the_minds
That doesn't sound too bad, privacy-wise.
EDIT: I mean if you were to map all US IPs to a single canonical IP for instance.
[0] https://twitter.com/archiveis/status/1018691421182791680
The exact same command fails when sent from Cloudflare's datacenters, but succeeds when sent from DigitalOcean:
https://community.cloudflare.com/t/archive-is-error-1001/182...
Two more sources: