Comment by fc417fc802
4 days ago
It's not limited to the ISP and DNS provider. Thanks to being plaintext, it's anyone anywhere along the network path (unless you were already using DoH of course, but sans-ECH is still the entire path regardless).
Anyway I agree with you that plugging leaks is good (notice my adjacent comment). My response there was intended to provide clarification regarding the preceding exchange.
Going off on a tangent, I wish there were more awareness of how this concentrates power to Cloudflare.
Between so many service operators intentionally purchasing MitM as a service from the cloud providers and the ever-increasing proliferation of centralized captcha solutions that work via fingerprinting, the entire situation seems increasingly hopeless.