18 pointsby grittygrease4 hours ago2 comments

camgunzan hour ago
Can't you just drop the ECH signals, no matter what site it is? Don't you then mostly disable sites you don't want people to see anyway? Maybe like, you can't download Chrome anymore, but I bet there would be a Russian fork suuuuper fast.
thousand_nights3 hours ago
i use an extension called OhMyECH to show whether a website used ECH, and it is currently very rare that i encounter one that does.
at least none of the major websites on the internet do.
- Bender2 hours ago
  adding, one can test it here [1] though I think it also depends on the client using DoH [2] For people already using Cloudflare or Google DoH DNS it should just work.
  To get ECH to work for me I had to enable DoH in my local Unbound DNS daemon and point Firefox to it rather than using unencrypted DNS on my LAN. I had to force a refresh (shift-F5 on tls-ech.dev). I only use my own recursive DNS so I get query logs and can block some ad/malware sites.
  [1] - https://crypto.cloudflare.com/cdn-cgi/trace
  [2] - https://tls-ech.dev/