← Back to context

Comment by varenc

2 days ago

If someone is browsing the internet on in-flight wifi, and their DNS requests get leaked this way, I don't really think its the casual airline user's fault for not encrypting their DNS traffic. Modern cell phone data traffic (4G/5G) is all encrypted, so the same unencrypted DNS requests can't just be passively sniffed. Something similar should happen here.

I'd blame the airline or their ISP provider for sending unencrypted traffic through the air like this. Not the satellite, but its top level customer. There's a big difference, IMHO, between your ISP being able to sniff your fiber traffic, and your traffic being observable from ~30% of the globe.

2 comments

varenc

Reply
jeffrallen  2 days ago

It is the fault of the end user software not protecting them. This is why we have encrypted SNI (promoted by Cloidflare, for example).

  • mike_d  1 day ago

    I don't know if you've ever tried to actually use in flight wifi, but any traffic not subject to inspection is heavily throttled to the point of being unusable.

    ESNI is also a technology in search of a problem. It does not provide any meaningful security benefits.