For more than three decades, DNS website blocking has been used to prevent users from accessing certain websites on the Internet. Court orders can bind ISPs to block their customers from accessing certain websites.
These sites can be so-called pirate sites, adult sites or any other site against which a court has ruled.
Note that DNS blocking has never been effective. Users can use different DNS providers on their devices to access “banned” websites.
All this until yesterday.
The arrival of Encrypted Client Hello (ECH) in browsers changes everything. It hides the domain name (the Server Name Indication sent at the start of the TLS handshake) while browsing, so that ISPs or network administrators cannot see which site a user is accessing. This is a very important privacy measure, as it prevents ISPs from recording and selling user data or interfering with certain requests.
Mozilla introduced support for Encrypted Client Hello in Firefox 118, and Chromium recently added it as a new security feature. You can check your browser here to find out if it supports the feature.
So with this improvement in user privacy, DNS blocking becomes useless, since the ISP or network administrator no longer knows the domain name the user wants to access. Yes, websites that are blocked at the DNS level are no longer blocked, provided that the website supports Encrypted Client Hello.
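To make the mechanism concrete, here is an added example in Python (not code from the original article or from any browser or Cloudflare project). It builds two constructed, minimal TLS ClientHello records and parses them the way a passive observer on the path (an ISP middlebox or a network monitor) would, reporting the only two things such an observer can read from the plaintext part of the handshake: the `server_name` extension and whether an `encrypted_client_hello` extension (type 0xfe0d) is present. Without ECH the observer reads the real hostname; with ECH it sees only the public name of the client-facing server plus an opaque encrypted blob, so a hostname-based filter has nothing to act on. The hostnames `blocked.example` and `public.example` and the ECH payload bytes are constructed placeholders; the code does not perform real ECH encryption, it only models what appears on the wire.

```python
"""Model what a passive network observer sees in a TLS ClientHello, with and without ECH."""
import struct
from typing import Optional

TLS_EXT_SERVER_NAME = 0x0000  # RFC 6066 server_name
TLS_EXT_ECH = 0xFE0D          # encrypted_client_hello (draft-ietf-tls-esni)


def build_client_hello(server_name: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Build a minimal TLS record carrying a ClientHello (constructed sample data).

    With ECH, the outer ClientHello carries only the public name of the
    client-facing server in server_name; the real name lives inside the
    encrypted extension, which we represent here with placeholder bytes.
    """
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name  # type host_name(0)
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    exts = struct.pack("!HH", TLS_EXT_SERVER_NAME, len(sni_body)) + sni_body
    if ech_payload is not None:
        exts += struct.pack("!HH", TLS_EXT_ECH, len(ech_payload)) + ech_payload
    body = (
        b"\x03\x03"                 # legacy_version: TLS 1.2 on the wire
        + bytes(32)                 # random (zeroed in this constructed sample)
        + b"\x00"                   # legacy_session_id: empty
        + b"\x00\x02\x13\x01"       # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"               # compression_methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # msg_type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return what is readable in the clear: the outer SNI and whether ECH is present."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]

    pos = 2 + 32                                  # skip legacy_version and random
    pos += 1 + body[pos]                          # skip legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # skip cipher_suites
    pos += 1 + body[pos]                          # skip compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len

    result = {"sni": None, "ech": False}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype == TLS_EXT_SERVER_NAME:
            # ServerNameList: u16 list length, then (u8 name_type, u16 len, name) entries
            lst_len = struct.unpack("!H", data[:2])[0]
            q = 2
            while q + 3 <= 2 + lst_len:
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                if ntype == 0:
                    result["sni"] = data[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        elif etype == TLS_EXT_ECH:
            result["ech"] = True
    return result


def observer_view(record: bytes) -> str:
    """One-line summary of what a hostname-based filter could act on."""
    info = parse_client_hello(record)
    if info["ech"]:
        return f"outer SNI {info['sni']!r} (public name only); real hostname encrypted"
    return f"SNI {info['sni']!r} visible in the clear"


if __name__ == "__main__":
    # Constructed samples: a classic handshake and an ECH-style outer ClientHello.
    plain = build_client_hello("blocked.example")
    ech = build_client_hello("public.example", ech_payload=b"\x00" * 16)
    print(observer_view(plain))
    print(observer_view(ech))
```

Note what the example does not cover: ECH protects the TLS handshake only. The DNS lookup that precedes it, including the lookup of the ECH configuration itself, is a separate channel, which is why browsers pair ECH with encrypted DNS rather than the ISP's plain resolver.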
Cloudflare has already enabled support for Encrypted Client Hello. So millions of websites already support Encrypted Client Hello and many more will follow in the future.
It is too early to tell how all this will affect legislation and court decisions that block access to websites. Courts could require ISPs to use other blocking techniques, for example Deep Packet Inspection.
The correct path: https://www.cloudflare.com/ssl/encrypted-sni/