Oddbean new post about | logout
James Cridland | 1 years ago (raw) | root | parent | reply | flag 
 @9f772790 You appear to be able to enable ECH on Firefox, only. https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/ has the detail. (Source of this graphic: https://www.tunnelbear.com/blog/introducing-encrypted-client-hello-ech/ )

https://assets.bne.social/media_attachments/files/111/057/574/866/358/123/original/d6e341fe133c9141.png
11728256 | 1 years ago (raw) | root | parent | reply | flag 
 @92f75699 TunnelBear has announced that it will make iOS compatible with ECH. I guess I still have to hope for the best from them.
James Cridland | 1 years ago (raw) | root | parent | reply | flag 
 @9f772790 For a VPN (using the DNS services provided by it), I guess the only time a domain-name is seen by your ISP is when you're connecting to the VPN - otherwise it'll be hidden in the VPN's encrypted datastream. So, effectively, everything is hidden from your ISP apart from the initial connection - so perhaps arguably ECH isn't required if you're running a VPN.

Having read Tunnelbear's post, it looks like they'll support it for connecting to their VPN; that's all.