tredre3, today at 7:38 PM (1 reply)

If I set my DNS provider to use DoH or DoT, my ISP will no longer see my DNS requests. I'm confident that my ISP doesn't do DPI at scale to extract SNI, so the lack of ECH doesn't break the entirety of the privacy benefit.

The fact that they could perform DPI doesn't change the reality that most ISPs probably aren't doing it, unless mandated by law, because it's expensive and in my main country of residence they can't sell that data to offset the cost.

I'm surprised to see such lack of nuance coming from you.


Replies

marginalia_nu, today at 8:24 PM

A big part of why we began pushing for TLS everywhere is that ISPs were doing DPI to inject ads in web pages. There's very real precedent for this stuff, and a real market for selling information on your web habits as well. Besides the obvious value for the spooks.

It's taken a conspicuously long time to even begin to see a solution to the glaring privacy issues with SNI. Even just counting the length of time we've been aware of the problem of SNI being used for censorship and eavesdropping[1], it's over a decade, and ECH's status is still very experimental in most web server software (and ECH is kind of a janky hack even after how long this has been discussed back and forth, the ESNI debacle, and so on).

[1] https://inria.hal.science/hal-01202712/document