Coordinated by Italy last month, a huge law enforcement operation reportedly 'dismantled' a pirate IPTV service with 22 million users. That's an extraordinary number and shows why countries like Italy have adopted mass site blocking measures. Logic suggests that the removal of such a huge player from the market might reduce the need for blocking measures, if only temporarily. The data shows that in the wake of the action, blocking demands significantly increased.

you are viewing a single comment's thread
view the rest of the comments

[–] khorovodoved@lemm.ee 3 points 2 months ago* (last edited 2 months ago) (1 children)

TLS clienthello contains unencrypted string, called SNI, that contains the domain of a destination web site. It must be unencrypted to work, because web sites read this string to determine which certificate to use.

You do not break encryption. It is unencrypted by design.

With all due respect, but it seams to me that you do not quite understand how HTTPS works. For encryption it relies on TLS protocol. And TLS does not encrypt everything, it encrypts only payload, but it also has to share some additional data to even establish encrypted connection. The majority of that work is done by exchanging clienthello and serverhello. To do that client has to clarify what server he is even trying to reach as there can be multiple servers on IP, but they have separate certificates, support different cyphers etc. For that a string "SNI", that contains domain name is used. Only after client and server exchange all the necessary information encrypted conversation can start. So, by looking into clienthello and reading SNI any MITM can determine what web site are you trying to reach.

[–] hendrik@palaver.p3x.de 1 points 2 months ago

Oh, thank. Now I know what ECH stands for. I'll look it up.