this post was submitted on 14 Apr 2024
-132 points (6.0% liked)

Privacy

31982 readers
336 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 7 months ago (7 children)

Encryption doesn't mean perfectly hidden. Metadata isn't encrypted for HTTPS iirc. And the ISP knows who your sending traffic to since they are routing you there and are usually your DNS. When connected to a good and trusted VPN, all that is hidden, your DNS can't give away your location, and the only server you contact is the VPN

[–] [email protected] 1 points 7 months ago (5 children)

What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

“Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other provider or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).

[–] [email protected] 1 points 7 months ago (1 children)

the hostname of a website is explicitly not encrypted when using TLS. the Encrypted Client Hello extension fixes this but requires DNS over HTTPS and is still relatively new.

[–] [email protected] 1 points 7 months ago

Everything after Hello is encrypted tho. The metadata is important, but takes some leaps of assumption to know what that data means—moreso than the metadata of say WhatsApp since the payload could be just about anything & from anywhere, not just a P2P text/multimedia message. And DNS over HTTPS does exist now & has support in all browsers & mobile operating systems. If it’s the hostnames you are worried about, a simple SSH SOCKS5 proxy with remote DNS could work with many older technologies. Not saying there isn’t some worry, but there are solutions now, the ISP is getting close to nothing, & for most folks subscribing to a comericial VPN is not worth giving monthly money to these actors that you probably can’t trust.

load more comments (3 replies)
load more comments (4 replies)