alt Hacker NewsThey are also probably collecting DNS records from millions of customers too or inspecting SNI on TLS handshakes to know what sites each customer is visiting.
ECH and DOH people!
Replies
kmbfjr • last Tuesday at 2:40 PM
They most certainly are. Large ISPs use Nokia Deepfield or Kentik for network monitoring, observability and user metrics. Both work due to volumes of metadata from net flows and DNS.
My gut tells me the broken intercept is a Nokia product.
➕ show 1 reply
eqvinox • last Tuesday at 11:56 AM
> "Encrypted Client Hello (ECH) - Enabled, limited effect"
Not sure what TFA means with this, reads like ECH doesn't help
Coincidentally, this article's webpage breaks copy & paste in its tables for presumed reasons of being "cutesy" with table click behavior. Can people please stop doing idiotic shit like this?
None of that requires messing with the connection though. You can't draw just passively observe and get the same info.