Sort of. They can still see which IP address you're connecting to, which by itself or in combination with some minor traffic analysis is quite often enough to identify which website you've visited. Perhaps it isn't if the website puts absolutely everything through a giant CDN like Cloudflare, but in that case it's Cloudflare which gets to see all the sites you visit which isn't a whole lot better than the status quo.
Still, it's a little less information given away at least some of the time. Better to do it than not do it.
in that case it’s Cloudflare which gets to see all the sites you visit
That's the status quo. CF holds the private keys to all reverse proxy'd sites hosted on it.
To be more precise, my belief is that the main thing ECH does is make it more difficult some of the time (depending on the details of how the site works) for observers of network traffic to directly see which website you've visited if it's one of those that have chosen to give all that data to Cloudflare or some similar system instead.
There also do still exist some simple web hosting setups that share many independent domain names on the same IP, but I think it's not as common as it probably was when they first came up with the idea of encrypting the tls server name many years ago. Maybe it'll make a comeback for sites whose users need to avoid censorship in this way if it's true that domain fronting has generally become more difficult.
Sort of. They can still see which IP address you're connecting to, which by itself or in combination with some minor traffic analysis is quite often enough to identify which website you've visited. Perhaps it isn't if the website puts absolutely everything through a giant CDN like Cloudflare, but in that case it's Cloudflare which gets to see all the sites you visit which isn't a whole lot better than the status quo.
Still, it's a little less information given away at least some of the time. Better to do it than not do it.
That's the status quo. CF holds the private keys to all reverse proxy'd sites hosted on it.
To be more precise, my belief is that the main thing ECH does is make it more difficult some of the time (depending on the details of how the site works) for observers of network traffic to directly see which website you've visited if it's one of those that have chosen to give all that data to Cloudflare or some similar system instead.
There also do still exist some simple web hosting setups that share many independent domain names on the same IP, but I think it's not as common as it probably was when they first came up with the idea of encrypting the tls server name many years ago. Maybe it'll make a comeback for sites whose users need to avoid censorship in this way if it's true that domain fronting has generally become more difficult.
Yes. Use a VPN. I recommend https://mullvad.net/en
Using a VPN just hands all of this information to them instead. That could be an improvement, but how do you know?
Well, for half of the internet they are going to see AWS ELBs addresses.