upvote
How does deep packet inspection work on encrypted traffic?
reply
Until there's more wide support for Encrypted Client Hello (ECH), the SNI header in the TLS handshake is always sent in plaintext. Between that an unencrypted DNS, most routers can easily spot/log what you're accessing in a browser.
reply