Cloudflare accelerates its network with security, traffic optimizations
Currently, the Brotli compression format is among the most widely used. Cloudflare is now rolling out a new option based on Zstandard (zstd) compression that has only been supported in the Google Chrome and Mozilla Firefox web browsers since March of this year.
“Zstandard gives pretty much the same compression levels of Brotli, but is about 42% faster than Brotli, and so it actually makes it viable to be using it at quite a wide scale,” he said.
Hello (encrypted) world
Privacy enhancements are also a key focus for Cloudflare, and that’s where the new Encrypted Client Hello (ECH) specification fits in. This feature addresses a longstanding privacy concern in web browsing. ECH is a proposed IETF standard that is currently undergoing review.
“One of the ways in which web browsing isn’t private is that your web browser goes and connects to your website and announces what it’s looking for in what’s called the client hello,” Graham-Cumming explained. “The solution to that is a thing called Encrypted Client Hello.”
ECH encrypts the initial “Client Hello” packet in the TLS handshake, which reveals the domain the user is trying to connect to. Encrypting this packet hides the destination domain from anyone monitoring the connection. To be clear, Graham-Cumming noted that ECH is different from other privacy efforts like DNS over HTTPS/TLS, which encrypts the DNS lookup process, so that the DNS server cannot see which domains the user is looking up.
The key difference is that Encrypted Client Hello focuses on hiding the destination domain in the initial TLS connection, while DNS over HTTPS/TLS focuses on hiding the DNS lookups that precede the TLS connection. Both techniques aim to improve user privacy by encrypting different parts of the web browsing process.
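To make the Client Hello exposure concrete, here is an added example (not from the article or from Cloudflare) that builds a minimal ClientHello and reads it the way a passive observer on the network path would. The hostnames and the zero-filled ECH payload are constructed sample data; the extension code 0xfe0d and the use of a public name in the outer SNI come from the ECH draft, not from this article.

```python
import struct

EXT_SERVER_NAME = 0x0000   # server_name (SNI), RFC 6066
EXT_ECH = 0xFE0D           # encrypted_client_hello, code point from the ECH draft

def _vec(data, len_bytes):
    """Length-prefix data the way TLS encodes variable-length vectors."""
    return len(data).to_bytes(len_bytes, "big") + data

def build_client_hello(sni, ech_payload=None):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    name = sni.encode("ascii")
    exts = struct.pack("!H", EXT_SERVER_NAME) + _vec(_vec(b"\x00" + _vec(name, 2), 2), 2)
    if ech_payload is not None:              # opaque stand-in for the encrypted inner hello
        exts += struct.pack("!H", EXT_ECH) + _vec(ech_payload, 2)
    body = (b"\x03\x03" + bytes(32)          # legacy_version, random
            + _vec(b"", 1)                   # session_id
            + _vec(b"\x13\x01", 2)           # cipher_suites
            + _vec(b"\x00", 1)               # compression_methods
            + _vec(exts, 2))
    handshake = b"\x01" + _vec(body, 3)      # msg_type 1 = client_hello
    return b"\x16\x03\x01" + _vec(handshake, 2)

def observe(record):
    """Return what is readable in cleartext from a ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                   # skip session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")   # skip cipher_suites
    pos += 1 + record[pos]                   # skip compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    seen = {"sni": None, "ech": False}
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + ext_len]
        if ext_type == EXT_SERVER_NAME:      # list len(2), name_type(1), name len(2), name
            name_len = int.from_bytes(data[3:5], "big")
            seen["sni"] = data[5:5 + name_len].decode("ascii")
        elif ext_type == EXT_ECH:
            seen["ech"] = True
        pos += 4 + ext_len
    return seen

if __name__ == "__main__":
    print(observe(build_client_hello("private-site.example")))
    print(observe(build_client_hello("public-name.example", bytes(64))))
```

Without ECH the observer reads the real destination from the SNI field; with ECH the same parse yields only the shared public name plus the fact that an ECH extension is present.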