zlacker

[parent] [thread] 6 comments
1. philwe+(OP)[view] [source] 2023-08-02 14:21:33
This is actually addressed in the original HN comment the post links to (>>19828702 ):

> EDNS IP subsets can be used to better geolocate responses for services that use DNS-based load balancing. However, 1.1.1.1 is delivered across Cloudflare’s entire network that today spans 180 cities. We publish the geolocation information of the IPs that we query from. That allows any network with less density than we have to properly return DNS-targeted results.

replies(2): >>eastda+m2 >>wkat42+W3
2. eastda+m2[view] [source] 2023-08-02 14:31:46
>>philwe+(OP)
And today it’s over 250. And the only site I’m aware of that objects to us protecting user privacy by making EDNS more private is this one. ¯\_(ツ)_/¯
replies(2): >>mikeco+wd >>dmvdou+Mq
3. wkat42+W3[view] [source] 2023-08-02 14:37:58
>>philwe+(OP)
Yeah but if the site standardized on EDNS to get this information, it's rather difficult to do something different just for Cloudflare.
replies(1): >>p1mrx+U6
◧◩
4. p1mrx+U6[view] [source] [discussion] 2023-08-02 14:51:57
>>wkat42+W3
edns-client-subnet only provides an IP address; the receiving CDN still needs to geolocate it.

So the main difference is that Cloudflare's servers need to be present in the IP geolocation database. Given their prevalence, they're probably in most of them already.

◧◩
5. mikeco+wd[view] [source] [discussion] 2023-08-02 15:21:25
>>eastda+m2
"Protecting user privacy", from the largest MITM attackers on the internet, is laughable.
replies(1): >>freedo+vq
◧◩◪
6. freedo+vq[view] [source] [discussion] 2023-08-02 16:15:37
>>mikeco+wd
> from the largest MITM attackers

If that were true, there's a lot of really stupid people throwing away their money by paying CF to hack them.

◧◩
7. dmvdou+Mq[view] [source] [discussion] 2023-08-02 16:16:28
>>eastda+m2
Right, the site full of nerds who think archive.is and co. is a cool toy. Dilemma! ;)
[go to top]