New Encryption Tech Makes It Harder for ISPs to Spy on You

An Internet service provider can see every website that you choose to access. And with the scrapping of Obama-era privacy regulations in 2017, the US federal government has no rules against ISPs collecting and selling your information to marketers. But new tech fixes are plugging the privacy holes that the government won’t. The effort began in April, when Firefox browser maker Mozilla and content delivery network Cloudflare rolled out measures to block one of the easiest ways for ISPs to snoop. They started encrypting the browser’s “DNS lookup” of a website’s numerical IP address–converting Google.com to 172.217.7.196, for instance.

Now Mozilla and Cloudflare, and possibly other tech companies like Apple, will start to close another loophole–one that reveals the identity of a multitude of smaller websites. Big sites–think Facebook, Google, Netflix–have their own IP addresses on the internet, currently making their identities impossible to hide. But a lot of smaller sites live together on server farms at shared IP addresses. To reach the right site among many at a particular address, your browser has to specify the site’s server name identification (SNI). Anyone sitting between you and the server–be it an ISP, a nosy government, or a hacker on a public Wi-Fi network–can easily read these SNIs to track your browsing. An emerging technology called Encrypted SNI, or ESNI, hides that information. Unlike encrypted IP address lookups, which Mozilla and Cloudflare simply switched on in April, ESNI will take a while to roll out.