• Atemu
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    in that case it’s Cloudflare which gets to see all the sites you visit

    That’s the status quo. CF holds the private keys to all reverse proxy’d sites hosted on it.

    • jsdz
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      To be more precise, my belief is that the main thing ECH does is make it more difficult some of the time (depending on the details of how the site works) for observers of network traffic to directly see which website you’ve visited if it’s one of those that have chosen to give all that data to Cloudflare or some similar system instead.

      There also do still exist some simple web hosting setups that share many independent domain names on the same IP, but I think it’s not as common as it probably was when they first came up with the idea of encrypting the tls server name many years ago. Maybe it’ll make a comeback for sites whose users need to avoid censorship in this way if it’s true that domain fronting has generally become more difficult.