> the part that changes is passive fingerprinting from third parties - network middleboxes, ISPs, DPI systems

Right. Things that should never have been allowed to exist to begin with. Working as designed.

> the part that changes is passive fingerprinting from third parties

That's exactly what I said:

> It only prevents your ISP from knowing what website you're connecting to.

Why would Clownflare ever see traffic to sites not on Clownflare?

They do routing. Even if you're connecting to a non-Cloudflare server, the traffic may still be routed through their servers.

Why would they want to peek at traffic? Most likely for statistics (most frequently visited websites etc.).

Can you give an example of a BGP route or traceroute to a site not on Clownflare that was routed through Clownflare?

It depends on the origin and the destination. Their Magic Transit service explicitly allows this, and I assume they have agreements with other ASes in case something goes wrong on either side (it often does). You'd have to directly ask them to know specifically, but I don't think they would answer since that's proprietary information.