But you are giving very little to the ISP to begin with. You can use encrypted D... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bubblethink on Dec 12, 2024 \| parent \| context \| favorite \| on: Review of Mullvad VPN But you are giving very little to the ISP to begin with. You can use encrypted DNS and most web content has TLS. The only gap there is SNI, which we should be able to close with TLS ECH. I don't know why ECH has been so slow to roll out.

piaste on Dec 12, 2024 [–]

Encrypted DNS is certainly an improvement, but it's only as anonymous as the IP address you are connecting to.

I am not aware of any firewalls that enforce the rule 'only attempt to connect to massively-shared cloud IPs that can't be easily subject to a reverse DNS lookup'.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact