Attacking DoH and ECH: Does Server Name Encryption Protect Users’ Privacy?

Privacy on the Internet has become a priority, and several efforts have been devoted to limit leakage of personal information. Domain names, both in TLS Client Hello DNS traffic, are among last pieces information still visible an observer network. The Encrypted extension for TLS, over HTTPS or QUIC protocols aim further increase network confidentiality by encrypting domain names visited servers. In this article, we check whether attacker able passively observe traffic users could recover name websites they visit even if encrypted. By relying large-scale traces, show that simplistic features off-the-shelf machine learning models sufficient achieve surprisingly high precision recall when recovering encrypted names. We consider three attack scenarios, i.e., per-flow name, rebuilding set user, checking which given target website. next evaluate efficacy padding-based mitigation, finding all attacks effective, despite resources wasted with padding. conclude current proposals encryption may produce false sense privacy, more robust techniques should be envisioned offer protection end users.