@Eramdam fwiw I think the ISP, city, state thing was because knowing someone's IP is generally enough to give someone that information (with varying degrees of accuracy, of course), not because it explicitly sends that info
@hierarchon Yeah, but even then, if your ISP doesn't give you a fixed IP, this is moot. Same thing if you use a VPN.
@Eramdam jeffrey’s article doesn’t say it sends the location data. his article says that it allows for the linking of locations with requests:
Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash
the rationale for using plaintext over http isn’t easy to explain away: if the ocsp request was obfuscated in some way, it would prevent third-parties (like your internet provider, or oppressive government) from figuring out what you’re running. nothing prevents them from building a list of developer ids.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!