Theoretically every web application you visit can be snooped by your ISP OR WORST if it uses TLS1.2 ... π€
Enter
1) TLS 1.3 with encrypted SNI to your rescue
2) tor
3) custom DNS (cloudflare 1.1.1.1)
Details :
βThe client adds the SNI extension containing the hostname of the site itβs connecting to to the ClientHello message. It sends the ClientHello to the server during the TLS handshake. Unfortunately the ClientHello message is sent unencrypted, due to the fact that client and server donβt share an encryption key at that point.
TLS 1.3 with Unencrypted SNI
This means that an on-path observer (say, an ISP, coffee shop owner, or a firewall) can intercept the plaintext ClientHello message, and determine which website the client is trying to connect to. That allows the observer to track which sites a user is visiting.β #Security #cyberdefense #cyberawareness #attacks #webapplicationsecurity #firewall #networksecurity #network #DNS #dnssecurity
More info at https://www.google.com/amp/s/blog.cloudflare.com/encrypted-sni/amp/
Top comments (0)