zlacker

1. cnst+(OP) 2019-10-04 06:57:18
What exactly do you use DNS for? Most folks use it to resolve a domain name so that they can make HTTP and/or HTTPS requests from the very same IP address over the very same internet connection. Surprise: these subsequent HTTP/HTTPS requests would have your complete identifying information down to the very specific /32 IPv4 or /128 IPv6 address uniquely assigned to yourself.

So, in reality, the extra privacy gained from not doing ECS is hardly something with a measurable effect, because this information HAS to leak in any case. Even if you make DNS encrypted, even if you employ encrypting TLSv1.3 SNI, the IP addresses will still leak, and with a much higher precision anyways. So, this we-don't-do-ECS-because-privacy is a rather pointless statement in the end.

replies(1): >>rvnx+J2
2. rvnx+J2 2019-10-04 07:36:05
>>cnst+(OP)
+1 @cnst, what privacy concerns are you all afraid of with ECS? archive.is will get informed that someone around IP range A.B.x.x tries to reach its website, just a few seconds later to see a connection from A.B.C.D.

The main reason that Cloudflare wouldn't share this info is to prevent competitors like Akamai from operating a CDN as good as them. It looks more like sabotaging competition than increasing privacy.

replies(2): >>FDSGSG+h3 >>cnst+w4
3. FDSGSG+h3 2019-10-04 07:43:37
>>rvnx+J2
In practice this is one of the most common techniques used to deanonymize proxy users.
replies(1): >>cnst+N4
4. cnst+w4 2019-10-04 07:59:41
>>rvnx+J2
> The main reason that Cloudflare wouldn't share this info is to prevent competitors like Akamai from operating a CDN as good as them. It looks more like sabotaging competition than increasing privacy.

Exactly. Their own answers in the threads over here at HN are basically admitting as much — they claim to be working on solutions alternative to ECS, because Google and some others have more PoPs than Cloudflare does. They're obviously using this as a competitive advantage to slow down competing CDNs. And no one's talking about it!

5. cnst+N4 2019-10-04 08:03:18
>>FDSGSG+h3
How? If your client is leaking DNS outside of the confines of the proxy you're using, you've got bigger problems than ECS.
replies(1): >>FDSGSG+5O2
6. FDSGSG+5O2 2019-10-05 15:59:21
>>cnst+N4
I don't disagree about DNS leaks being a separate problem; that doesn't change anything about what I said, though.