skuhn | 3 years ago

More about Oblivious HTTP and what Fastly is doing here is in a blog post that I wrote [1]. I wrote the OHTTP relay service for Fastly and was heavily involved in this deal.

Some points about how the service operates:

- Fastly does not receive your Chrome browsing history by virtue of running this service, because there is not a 1-1 mapping between URLs browsed and OHTTP requests made. We also cannot view the encapsulated request (which is passed to Google).

- Fastly does not capture access logs for this service, and no logs are sent to Google. There is only access to service-level metrics.

- Google does not have access to modify the configuration of this Fastly service, and does not own the domain or TLS key associated with it.

[1] https://www.fastly.com/blog/enabling-privacy-on-the-internet...

hdevalence|3 years ago

Is Fastly planning to make their OHTTP service generally available (rather than just to specific deals)?

skuhn|3 years ago

Yes, I'm working on bringing Fastly's OHTTP Relay to GA, which will allow us to offer it to more customers. That's ultimately more of a pricing and business process thing than any additional technical work. The implementation is feature complete at this point. Planning for that in Q2 (mid-April if all goes well).

I'm not (currently) planning to support customer self-service for this, because I anticipate that most customers may want:

1. Fastly to operate the OHTTP relay service, so that they can clearly state that they can't interfere with its operation to their end users.

2. Customization around business logic. We do plan to re-use the core service implementation across customers, but I've found with the initial implementations that there is an additional layer of business logic that's valuable (things like specifically which headers to strip / pass, using a backend API key, verifying a client shared secret, etc.).

However, if it becomes apparent that self-service is desirable here, I'll definitely consider that. There would be a bit more work on the engineering side to enable that.

If you might be interested in that service, I'm happy to discuss: <hn username> @ fastly dot com
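
The reply above mentions per-customer relay logic: which headers to strip or pass, a backend API key, and a client shared secret. The sketch below is an added illustration of such a policy, not part of the thread and not Fastly's code. The header names `x-client-secret` and `x-gateway-api-key`, the allowlist contents and the sample values are assumptions; the `message/ohttp-req` media type and the POST method come from RFC 9458.

```python
import hmac

OHTTP_REQ = "message/ohttp-req"            # media type defined in RFC 9458
PASS_HEADERS = {"content-type"}            # assumed allowlist of headers passed through
CLIENT_SECRET_HEADER = "x-client-secret"   # hypothetical header name
GATEWAY_KEY_HEADER = "x-gateway-api-key"   # hypothetical header name

# Constructed sample input: what a client might send to the relay.
SAMPLE_HEADERS = {
    "Content-Type": "message/ohttp-req",
    "Cookie": "sid=constructed",
    "User-Agent": "ExampleBrowser/1.0",
    "X-Forwarded-For": "192.0.2.10",
    "X-Client-Secret": "s3cret-constructed",
}
SAMPLE_BODY = bytes.fromhex("0011223344")  # stand-in for the encapsulated request


class Rejected(Exception):
    """Raised when the relay refuses to forward; carries an HTTP status."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def relay_request(method, headers, body, client_secret, gateway_api_key):
    """Return the (headers, body) to forward to the gateway, or raise Rejected."""
    h = {k.lower(): v for k, v in headers.items()}
    if method != "POST":
        raise Rejected(405, "encapsulated requests are sent with POST")
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if media_type != OHTTP_REQ:
        raise Rejected(415, "body is not an encapsulated request")
    # Constant-time comparison so the check does not leak the secret via timing.
    supplied = h.get(CLIENT_SECRET_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), client_secret.encode()):
        raise Rejected(403, "client shared secret mismatch")
    # Allowlist rather than denylist: cookies, user agent, forwarded-for and
    # the client secret itself never reach the gateway.
    out = {k: v for k, v in h.items() if k in PASS_HEADERS}
    out["content-length"] = str(len(body))
    out[GATEWAY_KEY_HEADER] = gateway_api_key
    # The body is opaque ciphertext to the relay and is forwarded unchanged.
    return out, body
```
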