[deanhills]

Alas, with all the progress outlined above, we're still too short to claim any privacy on the Web, and here is why: we are leaking the site's own identity even if that communication is done via HTTPS (be it TLS v1.2 or even v1.3.) On that simple information, anyone sitting between you and that server will be able to get a pretty good idea about YOU!.. and that's a gold mine for a lot of reasons, starting from the trivial (business related stuff-i.e. selling that info to the highest bider) to the sensitive (legal related matters.)

Thank you for your detailed explanation @fChk.  This may or may not have anything to do with this, but a few months ago I'm almost certain I was a victim of DNS hacking.  I was wondering whether this could be related to your topic along the lines of "leaking a site's identity".

There are rogue hackers who may open a VPS/Server account with IP XXX.  They then have a domain that is registered say with Namecheap, and the IP of that account is registered with the domain at Namecheap. Namecheap of course doesn't ask any one to verify the IP that they insert with the Domain to modify the DNS of the domain with an external IP - they can technically add or modify the IP of their domain at any time they wish without having to go through a DNS verification process.  And there is also not a system where when a service is ended and the IP withdrawn and reused, that the IP that was given is automatically removed from the domain hosted by the domain registrar.  

So very shortly after I purchased a VPS in March with Contabo, I got a terrible notification that my IP was guilty of attacking other Websites.  The complaint said that two domains (the ones I mentioned above) were hosted by my VPS with my IP and were attacking other Websites.  Of course, by the time we figured this out the perpetrators were gone, and the Websites empty.  And strangely enough, Contabo could find no evidence on my VPS that any hacking had taken place.  There were no files at all.  The complaint was entirely based on those domains that had been attacking other Websites with my IP.

The sad part of it all was the domain that I had originally used with the VPS had been blacklisted all over the Internet.  I in essence lost use of it.  Yet ironically those two rogue Websites at Namecheap on which the complaint was based, weren't touched by the anti-spam cops.  They seem to be fine.  I guess one could call that double jeopardy.  My VPS got suspended, and I lost use of my domain.  Yet nothing happened to the domains that were associated with the IP that and the complaint was based on.  Like the system of checking on spam is also not a really good system - it protected the spammers more than in my case my domain.

I then asked Contabo for a new IP, and up to a couple of months ago, about three months after the event, those domains seem to be still "abandoned" with my original "hacked" IP still in place.  Do you think someone else could become a victim if they were to get a VPS with the IP with which the two domains are registered with Namecheap?  In essense DNS hacking?  Like Namecheap and other domain regisrars who do not verify IP ownership when domain DNS is made custom to an external IP actually open up the possibility of domain DNS abuse?

I was also thinking of another possibility. While those rogue Websites may have been hosted somewhere with my "attack" IP before I was given the IP, could they have set up e-mails in such a way that their sending were delayed and then launched after they no longer were hosted with that IP?