Encrypted Client Hello

Just a heads-up. The recently released Firefox 119 mentioned Encrypted Client Hello in their release notes. Encrypted Client Hello works by fetching a public key over DNS-over-HTTPS and encrypting the first TLS packet. On the plus side, it takes the Server Name Indicator out of the clear. On the minus side, one app IP addresses like Mojeek don’t get a lot of theoretical benefit because the name of the website will still be known. On balance, I think Encrypted Client Hello is worth considering because it is a sign that an organization takes privacy seriously and has a process to integrate new technology.

2 Likes

ECH is the most recent step in our mission to build a better internet, one where privacy is the industry standard.

ha! that’s funny in light of the coming internet driver’s license which will remove all anonymity

in the mean time, i prefer a VPN over firefox’s solution, not that alleviates a netflow attack

i’ve read a few comments around the interwebs that are critical of those that posit ‘privacy is dead’, all of which fail to consider the catastrophic hardware and firmware vulnerabilities

we’re in a tough spot and Mozilla’s efforts, while commendable in some ways, aren’t enough to fix an inherently broken system that was designed from the ground up to be insecure