undefined | Better HN

0 pointssillystuff3y ago0 comments

Your ISP can collect your traffic history AND trivially connect that history to your identity, and sell/provide data to brokers, TLAs, police etc.

Cloudflare can collect your traffic history, but can only connect that history to your originating IP + timestamp. Their official client may be able to collect more info though. But, warp is just wireguard, so you do not need to run their official client there are shell/python scripts floating around to get the keys / endpoint IPs setup for Warp to use with std. in-kernel wireguard.

Further, all the telcos in the US are known to have colluded in illegal NSA spying on Americans. Cloudflare has not been caught at this yet. So, you can look at it as a choice of exposing your browsing history to an entity that may be not be lying and actually is not snooping vs. telcos that are known to have lied and definitely have and are likely still snooping.

0 comments

marginalia_nu3y ago

> Your ISP can collect your traffic history AND trivially connect that history to your identity, and sell/provide data to brokers, TLAs, police etc.

That's exaggerating quite a bit. Maybe in 2005 they had that sort of insight, but with HTTPS everywhere things are different. Your ISP can only see which IPs you're connecting to, possibly which hosts you're looking up depending on your setup but DNS-over-TLS and the like will put a wet blanket on that.

Cloudflare (even without warp) has a much clearer picture of your browsing habits. Not only do they see which webpages you are requesting since they're situated as a MITM between you and a significant chunk of the servers online, they do quite a lot of browser fingerprinting and tracking for bot mitigation that could, theoretically, be used to identify humans as well.

sillystuffOP3y ago

SNI is majority clear-text today, so your ISP can collect the sites you are visiting and not just their IPs even with TLS. Hopefully that changes soon.

Your point about cloudflare having even more access to your browsing details than the list of sites you have visited that your ISP can collect is a good point. It is kinda crazy how so many companies are OK with a 3rd party terminating TLS for them. And, back on the first point, most sites that do support ESNI today are behind Cloudflare (makes your point even stronger).

But, still, Cloudflare would have to be snooping on content to correlate identity (at Cloudflare scale, that means they would have to already be targeting you), while your ISP already has it.

For me personally (stuck with Verizon which is known to snoop and sell data), I prefer "trusting" Cloudflare until they are shown to be a bad actor like Verizon too.

Varloom3y ago

Wrong, even with HTTPS & secure DNS, your ISP can see every site you visit in plain text from SNI requests.

marginalia_nu3y ago

ESNI is a thing, which Cloudflare ironically supports.

1 more reply

j / k navigate · click thread line to collapse

0 pointssillystuff3y ago0 comments

Your ISP can collect your traffic history AND trivially connect that history to your identity, and sell/provide data to brokers, TLAs, police etc.

0 comments

marginalia_nu3y ago

> Your ISP can collect your traffic history AND trivially connect that history to your identity, and sell/provide data to brokers, TLAs, police etc.

sillystuffOP3y ago

SNI is majority clear-text today, so your ISP can collect the sites you are visiting and not just their IPs even with TLS. Hopefully that changes soon.

But, still, Cloudflare would have to be snooping on content to correlate identity (at Cloudflare scale, that means they would have to already be targeting you), while your ISP already has it.

For me personally (stuck with Verizon which is known to snoop and sell data), I prefer "trusting" Cloudflare until they are shown to be a bad actor like Verizon too.

Varloom3y ago

Wrong, even with HTTPS & secure DNS, your ISP can see every site you visit in plain text from SNI requests.

marginalia_nu3y ago

ESNI is a thing, which Cloudflare ironically supports.

1 more reply

j / k navigate · click thread line to collapse