This isn't privacy. This is centralized snooping.
It's like Google's approach to third-party cookies. Nobody other than Google can have tracking information.
These parameters are described in the v1.5.6 release notes [0]. ZSTD_c_targetCBlockSize is the most notable, but ZSTD_c_maxBlockSize can also be used for a lower CPU cost but larger compressed size.
Are you using these features at Cloudflare? If you need any help using these, or have any questions, please open an issue on Zstandard's GitHub!
Given how branchless algorithms are helping optimize not just network transport (compression) but even OS system libs (no citation for this one, but I’ve heard), I really wish colleges would begin teaching this along with DS/Algo course material.
Edit: just look at how many sites you're locked out of if you don't have JS enabled or run an uncommon configuration.
Given we now have two strictly better algorithms than gzip, I also wonder about a hybrid scheme that starts with Zstandard but switches to Brotli when the compression time is no longer significant for a given request. We might even be able to cheaply convert the existing Zstandard stream into Brotli with some restrictions, as they are really LZSS behind the scenes?
ECH seems directly opposed to the Chinese government's control of the web.
They do not have anybody else's best interests at heart and are actively centralizing that which was explicitly intended to not be centralized.
CF blocks Tor; you can't get past the captcha.
let the cat and mouse game between deep packet inspection (DPI) vendors and the rest of the encrypted internet continue. it’ll be amusing to see what they come up with (inaccurate guessing game ai/ml “statistical analysis” is about all they’ve got left, especially against the large umbrella that is cloudflare).
game on, grab your popcorn, it will be fun to watch.
ECH makes it hard to block known scam sites at the network layer, for example.
> Zstandard
I get "faster", but how does it make the internet "more private"? The word "private" shows up exactly once on that page, in the title.
And while we're explaining things... ODoH (indirectly mentioned in the article via the Encrypted DNS link) comes with a big bold warning it's based on the fundamental premise that the proxy and the target servers do not collude. When both are operated by the same company, how can you know they aren't colluding? Is there some mechanic in the protocol to help protect users from colluding servers?