Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

ESNI: A Privacy-Protecting Upgrade to HTTPS

EFF: “Today, the content-delivery network Cloudflare is announcing an experimental deployment of a new web privacy technology called ESNI. We’re excited to see this development, and we look forward to a future where ESNI makes the web more private for all its users. Over the past several years, we at EFF have been working to encrypt the web. We and our partners have made huge strides to make web browsing safer and more privacy through tools like HTTPS Everywhere and the Let’s Encrypt Certificate Authority. But users still face many kinds of online privacy problems even when using HTTPS. An important example: a 15-year-old technology called Server Name Indication (SNI), which allows a single server to host multiple HTTPS web sites. Unfortunately, SNI itself is unencrypted and transmits the name of the site you’re visiting. That lets ISPs, people with access to tap Internet backbones, or even someone monitoring a wifi network collect a list of the sites you visit. (HTTPS will still prevent them from seeing exactly what you did on those sites.)…”

…Today, Cloudflare is announcing a major step toward closing this privacy hole and enhancing the privacy protections that HTTPS offers. Cloudflare has proposed a technical standard for encrypted SNI, or “ESNI,” which can hide the identities of the sites you visit—particularly when a large number of sites are hosted on a single set of IP addresses, as is common with CDN hosting….”

Sorry, comments are closed for this post.