And hopefully in the future they won’t even he able to see the domain. I wonder why they never considered giving out certificates for IPs to solve this problem. Seemed like the easiest solution to me.
It doesn’t really help. The ISP needs to route you somewhere to get the data, so they’ll need to know who you want to talk to. Even if they don’t see the DNS name (like if you used a third party DNS server) they can still associate the IP address with someone.
There’s things like TOR and VPNs that can route your information through other third parties first, but that impacts performance pretty significantly.
Yeah, but often enough multiple sites share a single IP. It would already be better if the ISP (and everyone in between) didn’t know whether I wanted pink-fluffy-unicorns.com or hardcore-midget-bdsm.com.
Depending on where you’re going even IP addresses are getting to the point that they aren’t helpful. IP addresses are likely to belong to a cloud provider, and unless they are hosting email or a service that requires a reverse record, all you’d get is the cloud provider’s information.
Yeah, that’s what I meant originally. But I still don’t know how to enable that in my Apache. My Google-Fu isn’t good enough. All I see is ads for CDNs and conflicting information about whether it’s supported in Apache or not.
And hopefully in the future they won’t even he able to see the domain. I wonder why they never considered giving out certificates for IPs to solve this problem. Seemed like the easiest solution to me.
They need the IP address to know where to forward the packet to. Hard to avoid that without VPN or TOR.
It doesn’t really help. The ISP needs to route you somewhere to get the data, so they’ll need to know who you want to talk to. Even if they don’t see the DNS name (like if you used a third party DNS server) they can still associate the IP address with someone.
There’s things like TOR and VPNs that can route your information through other third parties first, but that impacts performance pretty significantly.
Yeah, but often enough multiple sites share a single IP. It would already be better if the ISP (and everyone in between) didn’t know whether I wanted pink-fluffy-unicorns.com or hardcore-midget-bdsm.com.
Depending on where you’re going even IP addresses are getting to the point that they aren’t helpful. IP addresses are likely to belong to a cloud provider, and unless they are hosting email or a service that requires a reverse record, all you’d get is the cloud provider’s information.
The future is now, old man.
SNI says no.
ECH/ESNI says yes
Yeah, that’s what I meant originally. But I still don’t know how to enable that in my Apache. My Google-Fu isn’t good enough. All I see is ads for CDNs and conflicting information about whether it’s supported in Apache or not.