On Sat, 15 Apr 2023, Greg Wooledge wrote:
> Now, personally I don't feel this is a threat model that I need to worry about. I just use plain old http sources at home, and if "They" learn that I've downloaded rxvt-unicode and mutt, well, good for Them.
The threat model I'm most concerned about is local stuff *exporting* data elsewhere. I do understand that there are people in some parts of the world that want to do things that they ought to be allowed to do but their repressive governments are preventing. HTTPS is a useful tool to make that repression harder - but doesn't actually make people safe - if doing something is illegal then it's still illegal even if it's harder for the authorities to detect it. But it's pretty much impossible nowadays to have a "safe" environment at home. Phones, TVs, almost everything, now tries to establish outgoing connections. ESNI and DNSoHTTPS are on the way to making it almost impossible to keep tabs on this and restrict what is allowed to egress. The only redeeming point is that corporates *need* to do egress filtering - so at the moment the browsers cannot totally block it - and if they did try, there would be the financing to provide a browser that corporates could use that, at least, allowed SNI sniffing and regular DNS.