Comment by AshamedCaptain

1 day ago

Does it, really? Have you seen wireshark output lately? (the GUI can be configured to do reverse lookup on all IP address)

If I check up right now, form the top 10 links in HN right now, it is trivial to distinguish the top-level domain from just the IPv4 or IPv6 address. Heck, even _for this website itself_ the current IPv4 reverse DNS points to ycombinator.com. I don't even need to go into packet size heuristics, or the myriad of ad networks, etc.

Sure there are some instances where you will share the IP of the CDN. This has been seen recently e.g. in the recent article of the "LaLiga" blocks in Spain. But bigger sites cannot afford for this to happen, and even smaller sites tend to have at least one paid IP address for mail (reputation is a bitch, and Cloudflare doesn't have any).

8 comments

AshamedCaptain

Reply
josephcsible  1 day ago

> If I check up right now, form the top 10 links in HN right now, it is trivial to distinguish the top-level domain from just the IPv4 or IPv6 address.

Two of the top 10 links in HN right now (https://news.ycombinator.com/item?id=44212446) are to different subdomains of github.io that resolve to the exact same IP addresses, so reverse DNS doesn't tell you which one is being visited.

And you can't even tell the TLD, because the TLD is "io", but the reverse lookup on the IPs will give you a TLD ending in "com".

> Heck, even _for this website itself_ the current IPv4 reverse DNS points to ycombinator.com.

That's because HN isn't behind the kind of CDN I'm talking about. But a lot are. Is your argument "since your ISP can see some of the sites you're going to, we should remove all protections and let them see all sites you're going to?"

  • AshamedCaptain  1 day ago

    I said top-level domain. Anyway, you have a better estimate, for the types of sites people here would visit? If HN itself isn't an example, then Github subdomains definitely ain't (not even close to the traffic of the main domain).