"QUIC includes a connection identifier which uniquely identifies the connection to the server regardless of source. This allows the connection to be re-established simply by sending a packet, which always contains this ID, as the original connection ID will still be valid even if the user's IP address changes."
@MatejLach this is the equivalent of a source/destination ip/port 4-tuple when using http/2 (http with connection multiplexing). Assuming browsers treat that in the same way (don't share connection between normal and "private browsing" tabs for instance), it should change pretty much nothing to the current tradeoff. It is not supposed to be a persistent id resisting a browser restart, or any sort of super-cookie
@MatejLach with HTTP/2, your connection would get dropped when going on or off of the VPN, with HTTP/3 it won't, with this id. Note however that with HTTP/2 (as for 1 and 1.1), this connection loss will make the browser reissue the same requests, including cookies (and possibly other identifying headers), so both sessions can be linked fairly easily by remote server. If using a VPN to hide your ip from a server, you should not go on and off your VPN, as it defeat the whole purpose.
@MatejLach I would recommend having a separate browser for VPN and non-VPN access to internet if you really want to do both
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!