undefined | Better HN

0 pointsKirinDave6y ago0 comments

Why do you want to present a false sense of improved privacy by only obfuscating your DNS queries in these networks?

It seems to me like these DNS tricks are parlor tricks in a security sideshow. Any attacker that could see your packets can also see who you are connecting to. It's pretty rare that SNI does anything relevant to a real threat model.

I think a false sense of privacy is at least as dangerous as the alternative.

0 comments

woofcat6y ago

>Any attacker that could see your packets can also see who you are connecting to.

Yes they'd see that you're connecting to one of the largest reverse proxies in the world.

j / k navigate · click thread line to collapse

0 pointsKirinDave6y ago0 comments

Why do you want to present a false sense of improved privacy by only obfuscating your DNS queries in these networks?

I think a false sense of privacy is at least as dangerous as the alternative.

0 comments

woofcat6y ago

>Any attacker that could see your packets can also see who you are connecting to.

Yes they'd see that you're connecting to one of the largest reverse proxies in the world.

j / k navigate · click thread line to collapse