@Eramdam jeffrey’s article doesn’t say it sends the location data. his article says that it allows for the linking of locations with requests:
Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash
the rationale for using plaintext over http isn’t easy to explain away: if the ocsp request was obfuscated in some way, it would prevent third-parties (like your internet provider, or oppressive government) from figuring out what you’re running. nothing prevents them from building a list of developer ids.
- replies
- 0
- announces
- 0
- likes
- 0