ECH in TPB's Cloudflare Reverse Proxy
#1
I found Cloudflare's new ECH feature very interesting. The idea is that browsers leak the server name indication (SNI) in plaintext, and ISPs can (and do) use this to block access to websites. That is, thepiratebay.org is revealed as thepiratebay.org to an ISP, even with full HTTPS enabled and encrypted DNS.

This new feature means that the browser is able to send a fake SNI in plaintext, in Cloudflare's case cloudflare-ech.com, and encrypt the real SNI of thepiratebay.org in the TLS handshake. This means that the most an ISP can get is an IP address, which in Cloudflare is a fast-moving target that you can't really block without impacting other Cloudflare servers.

My suggestion is that an admin take a look in the settings and consider enabling this feature at some point so that thepiratebay.org is no longer censored.

The technical details to enable this are here: https://developers.cloudflare.com/ssl/ed...cates/ech/

Yours sincerely,
krimson
Reply
#2
Thank you for your detailed post explaining the concept in your own words.

We will try to get this message through to the admins (again).
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Placing TPB behind Cloudflare does make us(users) vulnrable to secret agencies? sexyblonde 2 16,094 Sep 10, 2020, 17:55 pm
Last Post: sexyblonde
  Leaving Comments on TPB Proxy Sites lookingglass 4 18,164 Oct 20, 2014, 14:05 pm
Last Post: Spud17



Users browsing this thread: 1 Guest(s)