this post was submitted on 03 Oct 2023
634 points (98.9% liked)
Firefox
17898 readers
59 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So with this the ISP, or someone else sitting in the middle, would not even know the URL you're accessing?
I don't think so, that'd be straight up impossible unless you're behind a VPN. Your ISP can see every connection made between you and any other server, but a VPN uses encrypted payloads between their servers and you, and they make the requests using their servers, and pass the results to you. That way, your ISP only sees that you're using a VPN, but can't see anything else.
As far as I understand it, ECH uses DoH (DNS Over HTTPS) to encrypt the domain name of your connections, but a direct IP address is always required, and most of the times, it's enough to determine the website, as the ISPs can locate just about anything easily. However, the ISP won't be able to (easily) know anything else about the connection, which remains unbroken between you and the server you're connecting with.
But still a very good feature nonetheless.
IPs of websites are fine to expose in this day and age, in my opinion and threat model.
Most sites being hosted in the cloud, with rotating IPs give you obscurity there.
Agreed. Most of the servers are behind proxies anyway.