Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hzwanip 7 hours ago

What OP wrote seems correct:

> ECH basically kills TLS fingerprinting as a bot detection signal

They are not talking about fingerprinting in general. Please elaborate how else TLS fingerprinting can be done.

szmarczak 7 hours ago | parent [-]

I am talking about TLS fingerprinting, not JS fingerprinting.

> Please elaborate how else TLS fingerprinting can be done.

By doing everything as it is right now?

hzwanip 7 hours ago | parent [-]

How would you (an arbitrary web server) fingerprint a TLS connection if the Client Hello is encrypted?

conradludgate 7 hours ago | parent | next [-]

The website owner (or cloudflare in this case) has the keys to decrypt the client hello. That's necessary for routing information.

hzwanip 7 hours ago | parent [-]

You're right, sorry! I got confused myself.

szmarczak 7 hours ago | parent | prev [-]

By decrypting it? I don't think you know how TLS, or E2E works in general. ISP doesn't perform the fingerprinting, the server does.

hzwanip 7 hours ago | parent [-]

Of course! My bad, thanks for engaging.