| ▲ | gzread 12 hours ago | |
> filtering those devices' network requests at the network gateway, or filtering one hop up onto the provider's infrastructure These things are not possible with any reliability, we spent two decades encrypting everything. | ||
| ▲ | sfRattan 11 hours ago | parent [-] | |
I'm not imagining filtering based on the path. Even with https, hostname is visible before the handshake. And even when Encrypted Client Hello is widely implemented, it's also easy enough for network providers to drop any ECH packets from devices flagged as "for children" and signal to those devices that their handshake must reveal the hostname, at least to the router doing the filtering. | ||