codedokode a day ago
This is a reminder why all the traffic should be encrypted and obfuscated (i.e. no SNI in clear text). Ideally, the traffic should be encrypted to resemble random noise. If you are making an app, you can embed public keys and use those to completely encrypt traffic, without relying on CAs. For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation. As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
saghm a day ago
Isn't the whole issue with net neutrality that ISPs would be incentivized to prioritize their own traffic (or that of companies they collaborate with)? How does making it harder for them to identify traffic for my app/service/whatever stop them from doing that? As long as they can identify the traffic they do want to prioritize (by companies who haven't done the process you describe), it's not obvious to me why they wouldn't have trouble deprioritizing my stuff based on them at least knowing that it's not their own, even if they don't know whose it is? "Random noise" isn't likely to look like it's their special favorite traffic. If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it". That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.
anonymousiam a day ago
It's also a reminder that no matter how secure you think you are, some third party may have access. Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data. The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).