Hacker News new | past | comments | ask | show | jobs | submit login

[flagged]



By that logic, wouldn't every ISP have a moral obligation to MITM all of their customers' traffic? Obviously that's wrong.


SNI monitoring is a reasonable compromise, and I think a healthy one: Your ISP doesn't need to deep inspect your traffic to Microsoft because it accepts that Microsoft is doing something reasonable with it. It allows delegating authority which at least gives a path for investigation or blocking if necessary without seeking an extreme amount of transient information.

I would say if ECH is implemented the correct response would unfortunately be to MITM it if too many providers implement it to just block it entirely. I suspect large companies won't force it to maintain a wide customer base, and again, any reasonable network operator should just block anyone who does.

ISPs absolutely have all sorts of regulatory needs and network performance reasons to classify traffic. It's an unpopular view, but it's reality. (And I would encourage you to investigate who pays the people telling you otherwise, before someone links Mike Masnick here.)


> SNI monitoring is a reasonable compromise, and I think a healthy one

No, it’s not.

ISPs have no right to know who I am speaking to or why.


I mean you have no right to use their networks either. You generally agree to terms as a condition of use of said networks.


I didn’t agree to terms that require I provide them with plaintext traffic to analyze.


What is a "privacy focused app"?

Is Chrome, which aggressively supports and promotes HTTP a "privacy focused app"?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: