So a bit ago I got an add for “canned rambutan”. I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn’t using a VPN at the time and I didn’t have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.
Which of these do you think is the reason the ad networks know?
- Wikipedia
- Startpage Search
- Duckduckgo Search
- My ISP
- Firefox
- My Firefox Extensions
- Kubuntu
- CachyOS
- The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
- Does this only make sense if my browser history is incomplete?
- Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.
Any guesses as to where the weak link is?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.51K Posts
- 114K Comments
- Modlog
No, unless you browse http website. They’ll only see the domain name in the request SNI or during the DNS request.
But see ip you connect to. Reverse dns using own dns could show set of url possible on ip.
Reverse DNS would only show domain name, not URL. And even then a lot of websites are sharing IPs. No point in doing that when you’ve got SNI.
True only domain. TIL about sni. But vpn still protect against sni analysis no?
With a VPN it’s the VPN that has access to the list of domain you visit instead of your ISP. Whether you should put your trust in your ISP or a VPN is another question.
…and if you use DoH, they won’t even see DNS.
I would argue that you don’t need a VPN. It’s just another entity that can see your traffic, and there’s no reason to trust them over your ISP. They’re all for-profit companies.
https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid
Yeah you’re right man the VPN that got raided and proven to keep no logs is the exact same as ATT that helped the NSA spy on everyone in the USA and has your credit card and address on file.
https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/
Sure something like NordVPN wouldn’t be trustworthy but come on, saying all VPNs are just as trustworthy as ISPs is absolutely insane
But they’ll still see the SNI.
Not for long. That’s about to get fixed with encrypted client hello.
Yes but ECH/ESNI have been around for some time now, even if the official spec is recent, but adoption is stil l very low.