Say (an encrypted) hello to a more private internet. | The Mozilla Blog
blog.mozilla.org
As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other th

ECH (encrypted client hello) is going or get enabled by default (already existed in a hidden setting) with version 118.

This page about the version explains a bit better ECH https://support.mozilla.org/fr/kb/understand-encrypted-client-hello

Tho it is still a bit confusing.

From what I understand there is the DNS query > the dns servers sends back an IP. This DNS query can be encrypted with DoH (or DoT?, it seems only DoH from the post).

Then there is a handshake with the website where the website informations can be leaked, and that can be encrypted by ECH (if the website supports it).

Then after that there is a tls connexion established between the website and the user.

The part where I’m confused is : can ECH be used without DoH? If yes that would mean that I can use a DoH capable software and not have to configure it into Firefox? (ex: Nextdns + yogadns)

  • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️@yiffit.netEnglish
    41·
    1 year ago

    It’s already on. The problem is going to a HTTPS site gives the “this site isn’t actually secure, would you like to open it in HTTP instead?” And doesn’t actually load the sites, which I know work, in HTTPS.

    Like this:

    This site (SNAP homepage) works in HTTPS just fine on Chrome.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.oneEnglish
      81·
      1 year ago

      Their webserver is probably misconfigured I think?

      Chrome does a bunch of stuff in the background (trying no www, with www, etc) to try and get you to the https website, which firefox doesn’t. It’s a reason I like firefox as a developer, makes it super obvious when you’ve messed something up

    • Tibert@jlai.luOPEnglish
      21·
      1 year ago

      I sometimes get this too. It’s a bit annoying on mobile (not happening on desktop), but I often just need to reload the page.