alt Hacker News> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.