> With encrypted DNS, Comcast sees that you connected to your DNS provider and Cloudflare, which isn't exactly valuable.
Comcast also sees SNI in plain text, sees all the other connections to other IPs for 3rd party resources on that domain, also with SNI, and sizes of all the responses of course. And just the IP addresses and response sizes give enough information to figure out what domain is visited, never mind seeing it in plain text in SNI.