Hi, On Sat, Aug 16, 2025 at 05:40:33PM +0200, john doe wrote: > Note that VPN providers will know what web site you are looking at.
Maybe yes, maybe no. The Internet is increasingly centralised with for example so many web sites served by Cloudflare. The host and URL that the browser requests is done inside the https connection so all the VPN provider sees is a port 443 connection to some Cloudflare IP address. Now, the DNS is often clear text UDP on port 53, so if your DNS server is also reached by the VPN they may be able to see what you are resolving, which would indeed reveal the sites you use (but not the URLs, directly¹). Yet, increasingly DNS privacy measures are in place like again Cloudflare and others offering DNS over HTTPS, or alternatively DNSCrypt. So in fact I am personally more concerned about the vast trove of user data that Cloudflare has as opposed to any individual VPN provider. Thanks, Andy ¹ With knowledge of the layout of a web site it is possible to statistically partially recreate a user's journey through the site based on what their DNS queries are. Similarly by analysing other traffic flow metadata like file size it can be guessed which assets have been requested without being able to see the content of the assets on the wire. This has been one argument for https Debian mirrors, even though Debian packaging format has its own anti-tampering precautions. -- https://bitfolk.com/ -- No-nonsense VPS hosting
