Privacy for Subdomains: the Problem
Posted4 months agoActive4 months ago
blog.frankel.chTechstory
calmneutral
Debate
0/100
Web SecurityPrivacySubdomains
Key topics
Web Security
Privacy
Subdomains
The article discusses the privacy implications of subdomains and their potential to compromise user data, with the HN discussion showing interest in the topic.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
53m
Peak period
1
0-1h
Avg / period
1
Key moments
- 01Story posted
Sep 22, 2025 at 3:32 PM EDT
4 months ago
Step 01 - 02First comment
Sep 22, 2025 at 4:25 PM EDT
53m after posting
Step 02 - 03Peak activity
1 comments in 0-1h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 22, 2025 at 4:25 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45338361Type: storyLast synced: 11/17/2025, 1:08:20 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
For the purpose of cloaking IP address associations, any proxy will do - doesn't have to be Cloudflare. Note that in case you use HTTP-01 challenges, this approach still exposes you to the proxy operator and gives them an MitM opportunity.
You can do both approaches combined, fwiw. Wildcards have the benefit of not leaking subdomain names in transparency logs at all.
If you provision via ACME, you should use DNS-01 instead of HTTP-01. It removes the need to associate a public IP in the first place and reduces the MitM vector (which can be mitigated with DNSSEC).