According to https://gfw.report/publications/usenixsecurity25/en/#3 they sniff the SNI out of the handshake like for TLS.

▲

3abiton 2 days ago | parent [-]

Is that a new technique? Shouldn't this be mitigated?

▲

pabs3 2 days ago | parent | next [-]

Encrypted Client Hello is the mitigation to that, IIRC it hasn't rolled out yet, and if it does then the GFW would probably just block connections that use it.

	▲	Agraillo 2 days ago \| parent [-]
		ECH is on by default for Cloudflare’s free plans, and paying customers can adjust the setting. That’s why CF already has an interesting history with the Russian authorities [1] (The discussion is short but has a lot of interesting details) [1] https://news.ycombinator.com/item?id=44392221

▲

lucb1e 2 days ago | parent | prev [-]

...parsing SNI to find the server name is like the second-oldest trick in the book, after reverse DNS from the 80s? Maybe I'm not understanding the question