Comment by AshamedCaptain

17 hours ago

So you take literally the worst possible set of IPs (all of them cloudflare), IPv4 only, and yet Copilot (!) is easily able to reverse 50% of them:

  104.21.3.245 -- trebaol.com
  104.21.80.31 -- diwank.space
  104.26.4.133 -- daringfireball.net 
  104.21.112.1 -- simonwillison.net , taras.glek.net

This was literally the worst example you could possibly do. I hope you kept which one was which, I'd like to know if Copilot was right.

In the meanwhile, from the current top #30 articles on HN (also via copilot script, but I removed non-cloudflare IPs):

  ycombinator.com -- no CDN
  letsbend.de -- no CDN
  grepular.com -- no CDN
  xania.org -- cloudfront
  github.io -- no common CDN
  owlposting.com -- AWS, but IPv4 remained static
  netfort.gr.jp -- no CDN
  simonwillison.net -- cloudflare, 104.21.112.1 fixed
  folklore.org -- azure, 13.107.246.1-255 range
  danq.me -- no CDN
  nature.com -- fastly, IPv4 remained static
  daringfireball.net -- cloudflare, 104.26.4.133
  ssp.sh -- no CDN
  trebaol.com -- cloudflare, 104.21.3.245
  glek.net -- cloudflare, 104.21.112.1
  gov.uk -- AWS, but IPV4 remained static
  phys.org -- no CDN
  diwank.space -- cloudflare, 104.21.80.31 
  free.fr -- no CDN   (my French ISP, btw)
  ericgardner.info -- AWS, but IPv4 remained static
  ghuntley.com -- fastly, IPv4 remained static
  paavo.com -- no CDN
  railway.com -- cloudflare, 104.18.24.53
  alloc.dev -- cloudflare , 188.114.96.2

Look at how many of them are self-hosted, have zero CDN, or otherwise return me always the same IP (even when I try from 3 different ISPs) which makes them trivial to reverse address. This is already a pretty huge success rate and all my context is that you browsed HN first (which I know, see first result on the list). Now imagine the tools a ISP will have at its disposal:

- IPv6

- Its Geo region will actually match yours

- Routing tables

- The patience to also include resources fetched from these pages in the analysis (i.e. page X always gets its JS from Y domain which results in a constant Z KB transfer).

- The rest of your browsing activity

- The rest of everyone's browsing activity including most popular _current_ hosts for each hostname.

Do you still claim that it is "impossible" to track your activity because of CDNs? I still bet you your ISP can do it with _100%_ accuracy.

2 comments

AshamedCaptain

Reply
josephcsible  17 hours ago

They're not all running single IP ECH yet. I was just making the point that it's not as trivial as a reverse DNS lookup, as you said it was.

  • AshamedCaptain  17 hours ago

    It took me the whole of one Copilot conversation to do the entire thing. Most of the top #30 results are in fact one reverse DNS away. The rest is not much more complicated.

    They're never going to be "1 IP ECH" . That would be the end of the Internet as we know it.

    If it ever happens that the majority of the WWW is 1 CDN, we have a bigger privacy problem than DNS. Much bigger.