by Analemma_ 2536 days ago
This doesn’t make any sense. Your ISP still knows your browsing history even if they can’t see your DNS requests.
3 comments

No they don't. TLS has encrypted sites for a long time. And with encrypted SNI they get no info about browsing history. This is a blatant attempt to stymie the last cleartext protocol that can be used to record browsing history.
Not if your traffic is HTTPS+TLS. They will only know, if they are the target DNS server, what IP you are connecting to. The secure channel protects against them knowing more than that.
SNI leaks the domain name you are requesting. It's pretty shocking.
Firefox also supports ESNI! These crazy villains! *shakes fist at Mozilla*
There is already work on encrypted SNI. Last time I looked, it uses information from DNS, so encrypted DNS is a prerequisite.
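To make the point of the two comments above concrete (SNI is sent in cleartext in the ClientHello, and encrypted SNI/ECH hides it), here is an added example that is not part of the thread: it builds a minimal TLS ClientHello record inline (constructed test data, not a real client) and parses the server_name extension back out, the same view a passive observer or a network monitor has of the first packet of a TLS session. The ECH extension codepoint 0xfe0d is an assumption taken from the ECH drafts; the rest of the layout follows RFC 5246 and RFC 6066. A defender can run the same parser over captured ClientHellos from their own network to check which clients still leak host names in the clear.

```python
"""Build a minimal TLS ClientHello and extract the cleartext SNI from it.

Constructed example for the thread above; not a real client or monitor.
"""
import struct
from typing import List, Optional, Tuple

SNI_EXTENSION = 0x0000   # server_name, RFC 6066
ECH_EXTENSION = 0xfe0d   # encrypted_client_hello (assumed draft codepoint)


def build_client_hello(server_name: Optional[str],
                       extra_exts: Tuple[Tuple[int, bytes], ...] = ()) -> bytes:
    """Return a TLS record carrying a minimal ClientHello (constructed data)."""
    body = b"\x03\x03" + bytes(32)          # client_version + 32-byte random (zeros here)
    body += b"\x00"                         # session_id: empty
    body += b"\x00\x02\x13\x01"             # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                     # compression_methods: null only
    exts = b""
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name        # NameType host_name
        sni_data = struct.pack("!H", len(entry)) + entry              # ServerNameList
        exts += struct.pack("!HH", SNI_EXTENSION, len(sni_data)) + sni_data
    for etype, edata in extra_exts:
        exts += struct.pack("!HH", etype, len(edata)) + edata
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_extensions(record: bytes) -> List[Tuple[int, bytes]]:
    """Return [(extension_type, data), ...] from a ClientHello record, [] if malformed."""
    try:
        if record[0] != 0x16:               # ContentType handshake
            return []
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:    # HandshakeType client_hello
            return []
        p = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        off = 2 + 32                                               # skip version + random
        off += 1 + p[off]                                          # skip session_id
        off += 2 + struct.unpack("!H", p[off:off + 2])[0]          # skip cipher_suites
        off += 1 + p[off]                                          # skip compression_methods
        ext_len = struct.unpack("!H", p[off:off + 2])[0]
        off += 2
        end = off + ext_len
        exts = []
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", p[off:off + 4])
            off += 4
            exts.append((etype, p[off:off + elen]))
            off += elen
        return exts
    except (IndexError, struct.error):
        return []


def extract_sni(record: bytes) -> Optional[str]:
    """Return the cleartext host name from the server_name extension, or None."""
    for etype, edata in parse_extensions(record):
        if etype != SNI_EXTENSION:
            continue
        q = 2                               # skip ServerNameList length
        while q + 3 <= len(edata):
            ntype = edata[q]
            nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
            name = edata[q + 3:q + 3 + nlen]
            q += 3 + nlen
            if ntype == 0 and len(name) == nlen:
                return name.decode("idna")
    return None


if __name__ == "__main__":
    plain = build_client_hello("www.example.com")
    print("classic SNI ->", extract_sni(plain))             # host name visible on the wire
    ech = build_client_hello(None, ((ECH_EXTENSION, bytes(16)),))
    print("ECH hello   ->", extract_sni(ech),               # None: name is inside the encrypted blob
          [hex(t) for t, _ in parse_extensions(ech)])
```

The observer only ever sees bytes; nothing in the ClientHello is protected by TLS yet, which is why the host name is readable without any key. With ECH the same parser finds only the 0xfe0d extension and no server_name, which is the improvement the comments are describing.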
How? Wouldn’t they just see TCP packets?
They see the destinations of those packets, so they know what sites (IP addresses) you're interacting with, on what ports.

They don't get the domain names, but for the very popular web properties that all these analytics care about calculating your relationship to, they don't need them; the IP is enough to discern which site you're visiting.

Yes, and the IP addresses there are public, and reverse DNS entries are easy to find. There's some ambiguity, but not much. Your ISP doesn't care about the difference between fbcdn.net and Facebook.com when selling your traffic history.