Unencrypted SNI Privacy

The cluster discusses the privacy leak from unencrypted Server Name Indication (SNI) in TLS handshakes, allowing ISPs and observers to identify destination domains despite HTTPS encryption. Commenters debate solutions like Encrypted SNI (eSNI), TLS 1.3 features, and their limited deployment.

📉 Falling 0.4x Security

2,194

Comments

Years Active

Top Authors

#7152

Topic ID

Activity Over Time

2008

2009

2010

2011

2012

2013

102

2014

135

2015

116

2016

116

2017

162

2018

343

2019

192

2020

248

2021

146

2022

190

2023

123

2024

2025

2026

Top Contributors

tialaramex (69) 1vuio0pswjnm7 (60) icebraining (25) toast0 (12) mike-cardwell (12)

Keywords

SNI SAN brave.com DNS HN RELEASE HTTPS cloudflare.com XP google.com sni tls domain encrypted host ssl certificate protocol header handshake

Sample Comments

morpheuskafka • May 4, 2019 • View on HN

Would encrypted SNI fix this?[1] https://blog.cloudflare.com/encrypted-sni/

sroussey • Apr 10, 2019 • View on HN

SNI is getting encrypted soon too

dagenix • Sep 9, 2018 • View on HN

... except that SNI isn't encrypted.

merb • Apr 6, 2017 • View on HN

just from reading the docs there is no indication about SNI.

enitihas • Jul 10, 2020 • View on HN

It won't help alone without encrypted SNI.

skissane • Oct 8, 2020 • View on HN

eSNI is going to fix thathttps://tools.ietf.org/html/draft-ietf-tls-esni-07

grishka • Jun 26, 2020 • View on HN

Also don't forget about SNI. This exposes the domain you're connecting to over TLS. Yes, I know eSNI is a thing, but it's new and so unlikely to be deployed much.

Fry-kun • May 20, 2016 • View on HN

That can't be it, SNI certs had been supported for a long time already

a012 • Jan 23, 2020 • View on HN

SNI (Server Name Indication) leak is still present and your ISP may know what website you're asking.

o-__-o • Sep 12, 2019 • View on HN

Couldn’t your isp watch traffic to pull out SNI information?