Erosion of user privacy with browser CT?

Question

One thing that is missing in the diagram of the entire Google/Apple Certificate Transparency architecture is the browser performing this CT log hash check.https://certificate.transparency.dev/howctworks/What is preventing the further erosion of end-users&rsquo; privacy when those massive CT loggers (about 14 of them) start correlating websites with browser&rsquo;s IP address?Unlike HPKP, the Chrome/Safari browser surely will be seeking some kind of hash verification (soon) and over DNS too.And I am not just talking about web owners who are seeking (even-less available) privacy, but now end-users&rsquo; privacy.Is this the end of digital privacy?references:- https://datatracker.ietf.org/doc/html/rfc6962- https://letsencrypt.org/docs/ct-logs/- https://certificate.transparency.dev/monitors/- https://datatracker.ietf.org/doc/html/draft-ietf-trans-rfc6962-bis-31#section-5.4

nickf · Accepted Answer

Browsers verify the SCTs (in the certificate or less often as part of the TLS handshake). https://blog.pierky.com/certificate-transparency-manually-ve...This verification needs no communication between the browser/user-agent and the CT logs.