
They know what IPs you are connecting to and when, which is valuable. If Cloudflare serves the site you are connecting to (which is increasingly more common) they have access to all of the data you are transmitting.



Somehow I thought they meant more. I’m sure my ISP is after all of my data but I’d rather them than CF. Upon rereading their claim I suspect it is just about IPs and hostnames. I can live with that. Also my browser uses DoH.


Yes, even the router given by my ISP offers Parental Controls with keyword matching against host name, thanks to SNI.

https://en.wikipedia.org/wiki/Server_Name_Indication

> The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested.


SNI reveals which domains.


ECH (encrypted client hello) is going to become mainstream pretty soon. But if you're doing something dodgy, hostname vs. IP is unlikely to make a difference anyway.



