
Even through HTTPS? They'll have the domain and IP address and transfer size, but not the URL or contents of the traffic. (Unless they managed to MITM a trusted certificate somehow.)


HTTPS encrypts the host? Thought you had to know where to go to open that secure transmission. It's enough for your ISP to know you went to "pornhub.com" for example.


Yeah, despite ESNI and DNS-over-HTTPS it's likely an ISP could still effectively track usage of certain large-ish sites by IP address alone. Compare against the anonymity inherent in accessing s3.amazonaws.com/some-bucket/some-path.


They won't know when you use an alt DNS or DoH.


Your ISP needs to know the IP address of the site to route your TCP packets there, and they can easily do a reverse DNS lookup[1] on it. So hiding your DNS query from them won't prevent them from knowing what site you visited.

[1] https://en.wikipedia.org/wiki/Reverse_DNS_lookup


Exactly. At the end of the day, computers need a public address to find each other. And if you can find it, so can they.


You'll also need ECH, to avoid leaking your TLS handshake's SNI.



