this post was submitted on 05 Oct 2023
290 points (98.0% liked)

Firefox

17938 readers
11 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] justinh_tx@lemmy.ml 14 points 1 year ago (11 children)

If a packet is traversing an ISP's network the ISP should have to know where it is coming from and where it is going, right? So even if you "encrypt the first hello" packet, the ISP would still know where it was routed, right?

I'll freely admit I have only a very basic (and likely outdated) understanding of IP networking, but I don't see how this protects my browsing habits from my ISP. Even if they can't understand my "hello" to lemmy.ml, they still know I'm talking to lemmy.ml's IP address about something.

What am I missing?

[–] achsonaja@lemm.ee 2 points 1 year ago (1 children)

Yeah I think it has the same limitations that pretty much anything not through a vpn has because you still have to tell your isp where to send the data. Your isp will still see some things, even if it’s encrypted (metadata, DPI, habits, and things beyond my knowledge). This sounds like a step in the right direction for the majority of people though, even if it’s minor.

I kind of see it like differentiating between them seeing lemmy.ml via this vs lemmy.ml/thing-i-want-private/peronal.html without it, but I could be wrong about that.

[–] Bitrot@lemmy.sdf.org 5 points 1 year ago* (last edited 1 year ago)

HTTPS already prevents them from knowing exactly what content you’re looking at. Hiding SNI prevents them from knowing exactly what site you are connecting to via HTTPS.

They can still figure that out if you’re using unencrypted DNS or if there is a 1:1 IP to rDNS mapping though.

load more comments (9 replies)