> They only know the IP address of the remote server.
It's the internet. Everyone can scrape links and measure/correlate which assets were on them to correlate likely visited websites.
Especially if every web page these days is pretty unique in terms of what kind of assets (network streams) with what kind of byte size were loaded at which point in the document loading timeline.
Now include the TLS fingerprint of your web browser and well, privacy went to shit.
HTTP needs an upgrade with scattering and rerouting on the fly, otherwise these deanonymization techniques can never be fixed.
It's the internet. Everyone can scrape links and measure/correlate which assets were on them to correlate likely visited websites.
Especially if every web page these days is pretty unique in terms of what kind of assets (network streams) with what kind of byte size were loaded at which point in the document loading timeline.
Now include the TLS fingerprint of your web browser and well, privacy went to shit.
HTTP needs an upgrade with scattering and rerouting on the fly, otherwise these deanonymization techniques can never be fixed.