Firefox recently released version 118 at the end of September. One of the significant features is the implementation of the Encrypted Client Hello (ECH) standard for encrypting the initial text message connection using TLS. This encryption ensures that eavesdroppers cannot see which domain the user is connecting to.
There are several avenues for eavesdroppers to observe web usage behavior. In the past, the main avenue was to intercept unencrypted connections. However, with the increasing popularity of HTTPS, it has become much more challenging to intercept data in transit. However, eavesdroppers can still observe DNS queries. Even after the implementation of DNS encryption (DoH), it has become harder to detect such observations. This leaves only one avenue, which is the domain data sent during the TLS connection, known as the Server Name Indication (SNI) field.
Previously, there were attempts to promote the ESNI standard, which encrypts domain data in the connection packet. However, in reality, the Client Hello packet still contains other fields that pose privacy risks, such as ALPN. Therefore, the ECH proposal suggests encrypting the entire Client Hello packet, rendering it completely invisible. However, adversaries may still gather information from surrounding data, such as the size of the Client Hello packet or the timing of the responses, to analyze which websites are being accessed. This remains an ongoing challenge, similar to the efforts made with OpenSSH to close such vulnerabilities.
TLDR: Firefox version 118 introduces the Encrypted Client Hello (ECH) standard to encrypt the initial text message connection in TLS, preventing eavesdroppers from seeing the domain being accessed. While it closes one avenue for eavesdropping, challenges remain to fully protect user privacy.