Notes by 2cdbfee8

 nostr:npub1xe6zf6ltptjt2za2w6wwv0z89a9rfegcty4fvdwy8kcqvsmlc62q8u2hkp Wait is...this like the pro... 
 @93068179 I don't think so. This is just to establish a secure TLS connection.

The public key being intercepted in the unencrypted DNS response is not a concern since it's not meant to be a secret.

Now if one is using plain DNS, all the benefits of ECH are nullified: the adversary can just watch DNS traffic, instead of client hello messages, to figure out where the user is going. 
 #Google: Here’s a new and easy way for you to share your browsing interests with advertisers.

#Firefox: *rolls out a TLS extension to hide the websites you visit from your ISP and anyone else sniffing your traffic*

See the difference? Choose wisely.

#privacy #googleChrome 
 #Firefox just announced a new #privacy feature: Encrypted Client Hello (ECH). In short, it encrypts the very first message the browser sends out to initiate an encrypted communication tunnel (TLS channel) with a website.

"ECH uses a public key fetched over the Domain Name System (DNS) to encrypt the first message between a browser and a website, protecting the name of the visited website from prying eyes and dramatically improving user privacy."

https://blog.mozilla.org/en/products/firefox/encrypted-hello/
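
What the DNS-delivered ECH configuration in the notes above contains, as an added example that is not part of the original notes or of Mozilla's post: a parser for the `ECHConfigList` structure from the ECH specification (the value carried in the `ech` parameter of an HTTPS DNS record), run on a constructed sample. The config id, key bytes and the `public.example` name are made-up values, and the function names are hypothetical; the output shows that the record holds only a public key and a public fallback name, nothing secret.

```python
import struct

ECH_VERSION = 0xFE0D  # ECHConfig version number in the ECH specification

def build_sample_list(public_name, public_key, config_id=7):
    """Constructed sample ECHConfigList holding one config (all values made up)."""
    suites = struct.pack("!HH", 0x0001, 0x0001)            # kdf_id, aead_id
    contents = struct.pack("!BH", config_id, 0x0020)       # config_id, kem_id
    contents += struct.pack("!H", len(public_key)) + public_key
    contents += struct.pack("!H", len(suites)) + suites
    contents += struct.pack("!B", 0)                       # maximum_name_length
    contents += struct.pack("!B", len(public_name)) + public_name
    contents += struct.pack("!H", 0)                       # empty extensions
    config = struct.pack("!HH", ECH_VERSION, len(contents)) + contents
    return struct.pack("!H", len(config)) + config

def parse_ech_config_list(blob):
    """Decode the fields anyone who sees the DNS answer can read."""
    if len(blob) < 2 or struct.unpack_from("!H", blob)[0] != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    configs, pos = [], 2
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated ECHConfig header")
        version, length = struct.unpack_from("!HH", blob, pos)
        body = blob[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated ECHConfig")
        pos += 4 + length
        if version != ECH_VERSION:
            continue                                       # skip unknown versions
        try:
            config_id, kem_id, key_len = struct.unpack_from("!BHH", body, 0)
            key = body[5:5 + key_len]
            p = 5 + key_len
            (suites_len,) = struct.unpack_from("!H", body, p)
            p += 2 + suites_len
            _max_len, name_len = struct.unpack_from("!BB", body, p)
            name = body[p + 2:p + 2 + name_len]
        except struct.error:
            raise ValueError("malformed ECHConfigContents")
        if len(key) != key_len or len(name) != name_len:
            raise ValueError("malformed ECHConfigContents")
        configs.append({"config_id": config_id, "kem_id": kem_id,
                        "public_key": key, "public_name": name.decode("ascii")})
    return configs

if __name__ == "__main__":
    sample = build_sample_list(b"public.example", bytes(range(32)))
    print(parse_ech_config_list(sample))
```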