This is the neo feudal internet. It is the end of any ability to lock your own front door to the internet. I saw it in my block logs for Lemmy and finally went to look it up. I don’t know if that is just dot world or otherwise, but there is absolutely no chance in hell that I will ever allow or use ECH or anything like it. That is some authoritarian insanity to expect me to trust a middleman connection for everything in the land of ‘please allow our 10k stalkerware partners into your intimate life via our app’. You have no way of knowing who or what you are connected to with ECH. You’re being forced to inherently trust a connection. Is software X/Y/Z connecting to malware, stalkerware, ANYTHING? You have no clue. What halfwit thought this was okay or some kind of reasonable solution? What am I missing here? I default do not trust anyone. Hope for the best; plan for the worst. If you want to let random people into your digital home, or are not worried about your scripts and code doing stupid stuff, hey, you do you. That is not for me. I want to know exactly what is connecting where and why at all times. Where is the libre internet heading now?
in the olden days, one ipv4 could host one domain securely. when a client connected to that ip, the connection was encrypted with the cert for that domain it was hosting.
the finite ipv4 space was gobbled up like crazy between this and every fucking thing on the planet wanting to be online.
an update to conserve ipv4 space allows one to host multiple domains (i.e. different sites on different domains, all using https) on one ip. to do this, the client needs to tell the server which domain it’s looking for on the ip it’s connecting to–in the clear. once the server knows what cert to use, an encrypted connection can be set up.
‘encrypted client hello’ (ech) allows that initial request to be encrypted.
that’s pretty much all it does.
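As an added example (not from either poster), this parses a TLS ClientHello the way a firewall or block-log tool would: with plain TLS the SNI is readable, while with ECH the outer ClientHello carries only the client-facing server's public name plus an opaque extension, which is exactly the visibility the first post is worried about losing. The records are constructed inline, and the ECH extension codepoint 0xfe0d is assumed from draft-ietf-tls-esni.

```python
import struct

SNI_EXT = 0          # server_name extension (RFC 6066)
ECH_EXT = 0xFE0D     # encrypted_client_hello (assumed from draft-ietf-tls-esni)

def build_client_hello(host, ech=False):
    """Build a minimal ClientHello record (constructed sample, not a real capture)."""
    name = host.encode()
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", SNI_EXT, len(sni_body)) + sni_body
    if ech:
        # Opaque stand-in for the encrypted inner ClientHello; with ECH the
        # cleartext SNI above is only the client-facing server's public name.
        payload = b"\x00" * 16
        exts += struct.pack("!HH", ECH_EXT, len(payload)) + payload
    body = (b"\x03\x03" + b"\x11" * 32           # legacy version + random
            + b"\x00"                             # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
            + b"\x01\x00"                         # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def inspect_client_hello(record):
    """Return (cleartext SNI or None, ECH extension present?) for a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 9 + 2 + 32                                      # headers, version, random
    pos += 1 + record[pos]                                # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
    pos += 1 + record[pos]                                # compression methods
    ext_len = struct.unpack_from("!H", record, pos)[0]
    pos += 2
    end = pos + ext_len
    sni, has_ech = None, False
    while pos < end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        data = record[pos:pos + elen]
        pos += elen
        if etype == SNI_EXT:
            name_len = struct.unpack_from("!H", data, 3)[0]
            sni = data[5:5 + name_len].decode()
        elif etype == ECH_EXT:
            has_ech = True
    return sni, has_ech
```

A block-list tool that keys on the SNI will still match the public name on an ECH connection, but that name is shared by every site behind that client-facing server, so per-domain filtering at the network edge no longer distinguishes them.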