[RowanH]

It's not corporate level it was/is religious group level (of which this particular org I'm guessing largely employed staff from that religion). They are well known within our country to be quite insular.

It certainly seemed for all intents and purposes if you were a member of _____ group (wider than the company) you had the vpn on your device, and it was filtering content. I've found other reports in other countries of that happening with the same group.

So it's not corporate content filtering, it's personal content filtering and our app got caught up in it (and approved).

It certainly made my skin crawl for anyone in that religion. That means the central filtering service could be reading messages. Not sure if they're that sophisticated but certainly they didn't want people to see random images/videos.

[leononame]

Is it like required from their religious leadership to install this? That is incredible, and I only now understand your comment to its full extent. That is brutal.

[ndriscoll]

This is one reason I think ECH is probably on net a bad idea. Content filtering is a legitimate use-case for lots of users/networks, and if traffic is completely opaque to all networks, you end up needing things like root level processes or full MITM or laws requiring ID for websites instead of more privacy-preserving inspection of basic metadata (like SNI) at the network level.

You could imagine a standard for a network to signal to a client that it does not allow certain privacy features like ECH, and then clients can accept that or not. Instead I expect browsers will eventually mandate ECH, so people will have to MITM instead.

[FergusArgyll]

Yes, this exists. There's more than one company you can choose. It's not 'forced' but strongly recommended. Also, my love for hacking started with getting around it...