Hacker News

aand16 yesterday at 1:20 PM

During the TLS handshake, you send the domain name in clear text (Server Name Indication - SNI extension) so that the hoster can present the correct certificate for that domain.

Nothing prevents the ISP from collecting that.


Replies

ekr____ yesterday at 6:30 PM

Hence Encrypted Client Hello (https://datatracker.ietf.org/doc/rfc9849/), though deployment is still thin.