I’d never considered SNI sniffing. Great point. I’m quite fortunate in that the ISP I’m with (AAISP) is fairly privacy first and don’t _appear_ to be snooping on me in any meaningful way.
That said, I can’t say the same for my phone provider.
> don’t _appear_ to be snooping on me in any meaningful way.
SNI is cleartext enough to be passively logged, so you never know. Maybe some government-mandated (or supplied) switch is logging them to some short-lived log file in case they ever need to pull your hostname history.
Note that SNI sniffing protection is in the works by encrypting the client hello[0]. While it's been in draft for some years now, Chrome has a lot of work being put into it[1], so hopefully it'll be done sometime next year with support within Cloudflare and browsers soon after.
But do you also trust your phone carrier? (I don't trust either my ISP or my phone.) Or when you're out on WiFi that isn't yours? It's a cheap way to add a little extra bit of security and privacy.