> The first is via the Domain Name System (DNS), which translates domain names into IP addresses so that the site can be found. Instead of returning a valid IP address for a domain name ...
Easily unblocked by going with a different DNS service.
> The second approach is to block individual connection requests to a restricted domain name. When a user or client wants to visit a website, a connection is initiated from the client to a server name, i.e. the domain name. If a network or on-path device is able to observe the server name, then the connection can be terminated.
Isn't that what encrypted client hello is meant to actually prevent? I just turned it on just for giggles
Easily unblocked by going with a different DNS service.
> The second approach is to block individual connection requests to a restricted domain name. When a user or client wants to visit a website, a connection is initiated from the client to a server name, i.e. the domain name. If a network or on-path device is able to observe the server name, then the connection can be terminated.
Isn't that what encrypted client hello is meant to actually prevent? I just turned it on just for giggles