Comment by NoahZuniga

7 hours ago

> Even if you're worried about other people sniffing network traffic, the hostname you're visiting still gets revealed in plaintext during the SNI handshake

Many sites now support Encypted Client Hello. This makes it possible to send the hostname after the connection has been encrypted. This is enabled by default on cloudflare hosted domains (when cloudflare also manages DNS).

1 comment

NoahZuniga

Reply
pabs3  3 hours ago

There was a report some years ago that found the IP address being connected to is often enough to identify the website being visited, even when using a CDN. I think you have to go to VPNs at a minimum, or Tor preferably. Tor doesn't help with correlation attacks from global passive/active adversaries though, or even folks with access to a lot of netflow data.