by rnhmjoj 31 days ago
> they still see the URL so they can get the content if they want it

That's incorrect: a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.

1 comments

Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.
No, they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a Cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted.

[1] https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...

If you use HTTPS they can see that you hit wikipedia (they will see you are trying to do a DNS lookup for en.wikipedia.org), but they can't see that you are viewing https://en.wikipedia.org/wiki/Hundeprutterutchebane in particular - that is only available to someone who can read the body of the HTTP request, which with HTTPS is encrypted.
Routing only shows the server IP address, which isn't very useful if it is AWS or Azure or Cloudflare or some other CDN.