this post was submitted on 03 Oct 2023
641 points (98.9% liked)

Firefox

17907 readers
25 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago (1 children)

So with this the ISP, or someone else sitting in the middle, would not even know the URL you're accessing?

[–] [email protected] 5 points 1 year ago (1 children)

I don't think so, that'd be straight up impossible unless you're behind a VPN. Your ISP can see every connection made between you and any other server, but a VPN uses encrypted payloads between their servers and you, and they make the requests using their servers, and pass the results to you. That way, your ISP only sees that you're using a VPN, but can't see anything else.

As far as I understand it, ECH uses DoH (DNS Over HTTPS) to encrypt the domain name of your connections, but a direct IP address is always required, and most of the times, it's enough to determine the website, as the ISPs can locate just about anything easily. However, the ISP won't be able to (easily) know anything else about the connection, which remains unbroken between you and the server you're connecting with.

But still a very good feature nonetheless.

[–] [email protected] 2 points 1 year ago (1 children)

IPs of websites are fine to expose in this day and age, in my opinion and threat model.

Most sites being hosted in the cloud, with rotating IPs give you obscurity there.

[–] [email protected] 1 points 1 year ago

Agreed. Most of the servers are behind proxies anyway.