"Work to develop a new version of TLS was started in 2014, mainly due to concerns that TLS 1.2 and earlier version implementations had been shown to be vulnerable to a range of attacks over the years. The work to develop TLS 1.3 [RFC8446] also aimed to encrypt more of the handshake so as to expose less information to network observers -- a fairly direct result of the Snowden revelations. Work to further improve TLS in this respect continues today using the so-called Encrypted Client Hello (ECH) mechanism [TLS-ECH] to remove one of the last privacy leaks present in current TLS.
Work on ECH was enabled by significant developments to encrypt DNS traffic, using DNS over TLS (DoT) [RFC7858] or DNS Queries over HTTPS (DoH) [RFC8484], which also started as a result of the Snowden revelations. Prior to that, privacy hadn't really been considered when it came to DNS data or (more importantly) the act of accessing DNS data. The trend towards encrypting DNS traffic represents a significant change for the Internet, both in terms of reducing cleartext, but also in terms of moving points-of-control. The latter aspect was, and remains, controversial, but the IETF did its job of defining new protocols that can enable better DNS privacy. Work on HTTP version 2 [RFC9113] and QUIC [RFC9000] further demonstrates the trend in the IETF towards always encrypting protocols as the new norm, at least at and above the transport layer.
Of course, not all such initiatives bore fruit;"
Indeed. People are still sending cleartext domain names in SNI. Are the alleged privacy gains of encrypting DNS traffic meaningful when anyone can see the domain names in SNI when the user makes a TLS connection? Arguably cleartext SNI is even worse for privacy than cleartext DNS because with SNI anyone can see when the person is connecting to a website, whereas DNS only tells them when the person looked up a name. Concluding that a person accessed a website from a DNS lookup alone requires some assumptions. Cleartext SNI requires no such assumptions.