Firefox Changes ESNI to ECH to Improve Privacy

Firefox is one of the most used browsers, which means that when it ships an important change it can benefit many users. Today we cover a change that will arrive with the new Firefox 85: it will replace ESNI with ECH. The goal is to improve privacy and prevent hostname leaks from the TLS handshake. We are going to explain what this change consists of.

Firefox 85 change ESNI to ECH to improve privacy

First you have to remember what ESNI means. A couple of years ago, the Mozilla browser announced support for this extension to the TLS protocol. Its function is to make it harder to track browsing. When initiating communication, a user indicates which hostname to connect to; ESNI prevents that name from travelling in plaintext.


It basically serves to encrypt the SNI (Server Name Indication) extension, which avoids hostname leaks. However, this actually offers incomplete protection. For example, during session resumption, the pre-shared key extension might contain a plaintext copy of the same server name that ESNI encrypts.

We should also mention that this leak allows whoever can see the traffic to selectively filter HTTPS connections and analyze which sites the user opens. ESNI therefore does not provide full confidentiality when using HTTPS.

Avoid ESNI limitations

To avoid these limitations of ESNI, ECH is now emerging. Mozilla will include ECH draft-08 in Firefox 85, which is due to be released later this January. ECH does not just encrypt the SNI extension; it encrypts the entire ClientHello message. Mozilla also hopes to update to ECH draft-09 soon.

It uses two ClientHello messages: an encrypted ClientHelloInner message and an unencrypted base ClientHelloOuter message. It is therefore an improved version, an evolution, of ESNI.

It should be noted that ECH also changes how keys are distributed and how the encryption is done. A TLS server that supports ECH now advertises its public key through an HTTPSSVC DNS record, whereas ESNI used TXT records. The key encryption is stronger because ECH uses the Hybrid Public Key Encryption (HPKE) specification rather than defining its own scheme.
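To make the leak described above concrete, here is an added Python example (not code from the article or from Mozilla) that builds a minimal ClientHello record inline and then pulls the server_name out of it, which is exactly what a passive observer recovers without ESNI or ECH. The record layout and hostnames are constructed for illustration; run against an ECH ClientHelloOuter, the same parser would see only the provider's public name, because the real hostname is inside the encrypted ClientHelloInner.

```python
import struct
from typing import Optional

def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal ClientHello record whose only extension is
    server_name; random and other fields are dummy values."""
    name = server_name.encode("ascii")
    name_list = b"\x00" + struct.pack("!H", len(name)) + name  # type host_name
    sni_ext = struct.pack("!H", len(name_list)) + name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                       # legacy_version
        + b"\x00" * 32                    # random (dummy)
        + b"\x00"                         # legacy_session_id: empty
        + b"\x00\x02\x13\x01"             # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                     # legacy_compression_methods: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name a ClientHello record carries in plaintext, i.e.
    what a passive observer sees without ESNI/ECH. Applied to an ECH
    ClientHelloOuter this yields only the provider's public name; the real
    hostname lives in the HPKE-encrypted ClientHelloInner."""
    try:
        if record[0] != 0x16:                                   # not handshake
            return None
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if hs[0] != 0x01:                                       # not ClientHello
            return None
        pos = 4 + 2 + 32                                        # hdr, version, random
        pos += 1 + hs[pos]                                      # legacy_session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]      # cipher_suites
        pos += 1 + hs[pos]                                      # compression_methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            body = hs[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == 0x0000 and body[2] == 0:             # host_name entry
                name_len = struct.unpack("!H", body[3:5])[0]
                return body[5:5 + name_len].decode("ascii")
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                                             # truncated/malformed
    return None
```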

As we always say, it is advisable to run the latest versions, especially when it comes to the browser. This way we get all the improvements and reduce the risk that an intruder could steal information and access our system. In addition, keeping the software updated brings performance improvements when browsing.

In short, ECH is an interesting evolution of ESNI that the Mozilla Firefox browser will incorporate. The objective is none other than to improve privacy. We already know that keeping data safe and avoiding leaks is very important to users, and there are many methods that could be used to collect personal information. We leave you a tutorial with tips to maintain privacy when browsing.