this post was submitted on 05 Oct 2023
180 points (100.0% liked)

Firefox

A place to discuss the news and latest developments on the open-source browser Firefox

[–] End0fLine@startrek.website 20 points 1 year ago

I'm going to wait for someone more knowledgeable on this subject to come by and correct me, but this seems pretty cool to me.

[–] justinh_tx@lemmy.ml 10 points 1 year ago (4 children)

If a packet is traversing an ISP's network the ISP should have to know where it is coming from and where it is going, right? So even if you "encrypt the first hello" packet, the ISP would still know where it was routed, right?

I'll freely admit I have only a very basic (and likely outdated) understanding of IP networking, but I don't see how this protects my browsing habits from my ISP. Even if they can't understand my "hello" to lemmy.ml, they still know I'm talking to lemmy.ml's IP address about something.

What am I missing?

[–] jmcs@discuss.tchncs.de 12 points 1 year ago

Your ISP is mostly going to be seeing AWS, Azure, GCP, Cloudflare, etc. IP addresses.

[–] venusenvy47@reddthat.com 4 points 1 year ago (1 children)

If I understand correctly, someone other than your ISP could see the name of the website, since it isn't encrypted. I think it would bounce through several servers that could possibly read the data.

[–] achsonaja@lemm.ee 2 points 1 year ago (1 children)

Yeah, I think it has the same limitations that pretty much anything not through a VPN has because you still have to tell your ISP where to send the data. Your ISP will still see some things, even if it’s encrypted (metadata, DPI, habits, and things beyond my knowledge). This sounds like a step in the right direction for the majority of people though, even if it’s minor.

I kind of see it like differentiating between them seeing lemmy.ml via this vs lemmy.ml/thing-i-want-private/personal.html without it, but I could be wrong about that.

[–] library_napper@monyet.cc 4 points 1 year ago (1 children)

Ok, but how many servers support it?

[–] tranxuanthang@lemm.ee 10 points 1 year ago (1 children)

All sites that are proxied through Cloudflare, even free tier. So it's safe to say half of the internet already supports ECH.

[–] library_napper@monyet.cc 3 points 1 year ago

That's a low bar. I can't even access most of those sites due to misconfiguration of the antibot settings.

I'm mostly asking for the websites that I run, which are not behind CF.

[–] achsonaja@lemm.ee 3 points 1 year ago (2 children)

Does this rely on DoH? Seems like if I’m running my own recursive DNS that this won’t apply to me.
