this post was submitted on 29 Jan 2024
14 points (100.0% liked)

Privacy

4211 readers
17 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
 

I've heard this is true for https, but I'm unsure.

top 5 comments
sorted by: hot top controversial new old
[–] dohpaz42@lemmy.world 12 points 9 months ago (1 children)

The technical reason why is because when visiting a website, the web browser has to translate the website name (aka domain name) into a number it can use to connect to; this is akin to looking up a person in your phone contacts and the phone calling the number. This is the part the ISP sees.

The actual web request would be invisible over HTTPS because as far as the ISP sees, it is a random collection of letters, numbers, and symbols (ie encryption). Only you and the web server know how to decode the information.

The web server sees a request for https://www.example.com/foo/bar?baz=bam as the following:

GET /foo/bar?baz=bam HTTP/1.1
Host: www.example.com

HTH

[–] FlickeringScreens@lemmy.world 1 points 9 months ago
[–] moon@lemmy.cafe 9 points 9 months ago (1 children)

Yes, https hides most things but leaks the sni (server name indicator. We came up with a solution called esni (encrypted sni), but that also had issues. It didn't have much adoption before esni got replaced with ech (encrypted hello). Cloudflare actually has a neat website to check if your browser is supporting ech.

You can learn more about it here, it's pretty cool! https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/

[–] iopq@lemmy.world 1 points 9 months ago

Yeah, but DoH is blocked in China and Firefox doesn't enable them separately

It seems like I should be able to use ECH and dnscrypt together, for example

https://bugzilla.mozilla.org/show_bug.cgi?id=1500289

[–] LWD@lemm.ee 3 points 9 months ago

Basically, yes. It can see subdomains and domains, but the content including folders, files and query data is all encrypted in transit.