Encrypted Client Hello: How it was blocked in Russia and next steps
Comments
camgunz
esbranson
Yes, Russia can shut off its Internet and computers. Know that super useful AI model out of Russia? Its name slips my tongue. Imagine how much better it will get.
camgunz
That doesn't matter if you can't easily leave Russia, or you don't want to because you've been propagandized, etc.
I guess my broader point is we might need something for regimes that are willing to instate varying degrees of isolation. Like, "so your Internet is controlled by authoritarians; now what?" Not to imply there definitively is a thing--that xkcd about the wrench is the dominant principle ofc.
drysine
>I bet there would be a Russian fork suuuuper fast
There is Yandex Browser [0] which is based on Chromium and exists since 2010. Its share in Russia is ~33% while Chrome has 42% of the market [1].
[0] https://browser.yandex.com/
[1] https://gs.statcounter.com/browser-market-share/all/russian-...
thousand_nights
i use an extension called OhMyECH to show whether a website used ECH, and it is currently very rare that i encounter one that does.
at least none of the major websites on the internet do.
Bender
adding, one can test it here [1] though I think it also depends on the client using DoH [2] For people already using Cloudflare or Google DoH DNS it should just work.
To get ECH to work for me I had to enable DoH in my local Unbound DNS daemon and point Firefox to it rather than using unencrypted DNS on my LAN. I had to force a refresh (shift-F5 on tls-ech.dev). I only use my own recursive DNS so I get query logs and can block some ad/malware sites.
[1] - https://crypto.cloudflare.com/cdn-cgi/trace
[2] - https://tls-ech.dev/
Can't you just drop the ECH signals, no matter what site it is? Don't you then mostly disable sites you don't want people to see anyway? Maybe like, you can't download Chrome anymore, but I bet there would be a Russian fork suuuuper fast.