• toastal@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

    “Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other provider or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).

    • hatedbad@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      the hostname of a website is explicitly not encrypted when using TLS. the Encrypted Client Hello extension fixes this but requires DNS over HTTPS and is still relatively new.

    • Lemongrab@lemmy.one
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      It doesn’t matter if they are encrypted if you can sell the data about what the user is doing (eg if your connecting to a shopping website your probably shopping their). Better to obfuscate the source by choosing an endpoint that isn’t geographically related and associated with your identity. I only would ever recommend using a VPN that is open source and well audited by a renowned 3rd party auditor(s). https://luxsci.com/blog/what-is-really-protected-by-ssl-and-tls.html

    • Lemongrab@lemmy.one
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Usually means in 99.9% of typical configurations unless you are a techy or an enterprise.