by johannes1234321 2169 days ago
For many things there isn't really a need to get the payload. Get the IP addresses, DNS lookups and TLS SNI information and correlate to information gathered from elsewhere and you can derive a lot.
2 comments

You can derive a lot just from the set of IP addresses accessed, even if those IPs are cloud/CDN providers:

"What can you learn from an IP?" https://irtf.org/anrw/2019/slides-anrw19-final44.pdf

+1 Hopefully DNS over TLS and new SNI encryption standards will put an end to all this in the next 5-10 years.
+1 for the optimism, but unfortunately even with those mitigations it is not enough. Using a VPN in combination with DoT/H is currently best practice, I believe.
Even multi-layer VPNs or Tor leak data via global correlation attacks. We need VPNs and Tor to start doing network bandwidth padding.
Yes, I agree. Is there anything we can do in the meantime?