Google Chrome Canary gets experimental Encrypted Client Hello (ECH) support
Google Chrome Canary users may enable experimental support for Encrypted Client Hello (ECH) now. Encrypted Client Hello, also referred to as Secure SNI, improves the privacy of Internet connections. It is rather technical, but broken down to its core, ECH protects hostnames from being exposed to the Internet Service Provider, network provider and other entities with the capability of listening in on the network traffic.
The introduction of ECH support in Google Chrome Canary marks the beginning of a wider rollout among most Chromium-based browsers. While experimental flags may be removed at any time without further notice, it seems likely that ECH support will be rolled out to Chrome Stable and other browsers based on Chromium. Mozilla already added support for ECH to Firefox in 2021.
Chrome Canary users who want to give this a try need to make the following adjustments in Chrome Canary:
- Load chrome://settings/help to make sure that the latest version of Chrome Canary is installed. Chrome checks for updates and will install any that it finds. A restart is then required to complete the update.
- Load chrome://flags/#encrypted-client-hello in the browser's address bar.
- Set the status of the Encrypted ClientHello flag to Enabled.
- Restart Google Chrome.
Encrypted Client Hello is enabled in Chrome after the restart. You may undo the change at any time by setting the status of the flag to Disabled using the step by step instructions above. Use Cloudflare's test page or any other test page to find out if the feature is working as advertised.
Google describes the feature in the following way:
"When enabled, Chrome will enable Encrypted ClientHello support. This will encrypt TLS ClientHello if the server enables the extension via the HTTPS DNS record"
Web servers need to support the feature, which means that it does not work on the majority of sites visited in Chrome Canary at the time of writing. The feature is available for all supported operating systems, including Windows, Mac, Linux, Android and Chrome OS.
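Whether a site can use ECH therefore depends on what its HTTPS DNS record contains. The following Python example is an addition to this article, not code from Google or Chrome: it parses the RDATA of an HTTPS record (type 65, RFC 9460 wire format) and lists the public name of each ECH configuration it carries. The sample record, its all-zero key and the name public.example.com are constructed for illustration.

```python
import struct

SVCPARAM_ECH = 5      # SvcParamKey number assigned to "ech" in HTTPS/SVCB records
ECH_VERSION = 0xFE0D  # ECHConfig version defined by the TLS ECH specification

def _name(buf, off):
    """Read an uncompressed DNS name; return (dotted name, next offset)."""
    labels = []
    while buf[off]:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode("ascii"))
        off += 1 + buf[off]
    return ".".join(labels) or ".", off + 1

def parse_https_rdata(rdata):
    """Split HTTPS (type 65) RDATA into (priority, target, {key: raw value})."""
    (priority,) = struct.unpack_from("!H", rdata, 0)
    target, off = _name(rdata, 2)
    params = {}
    while off < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, off)
        if off + 4 + length > len(rdata):
            raise ValueError("truncated SvcParam")
        params[key] = rdata[off + 4:off + 4 + length]
        off += 4 + length
    return priority, target, params

def ech_public_names(rdata):
    """Return the public_name of every ECHConfig in the record ([] = no ECH)."""
    ech = parse_https_rdata(rdata)[2].get(SVCPARAM_ECH, b"")
    off, names = 2, []  # skip the 2-byte ECHConfigList length prefix
    while off < len(ech):
        version, length = struct.unpack_from("!HH", ech, off)
        body, off = ech[off + 4:off + 4 + length], off + 4 + length
        if version != ECH_VERSION:
            continue  # unknown config versions are skipped, as a client would
        (pk_len,) = struct.unpack_from("!H", body, 3)  # after config_id + kem_id
        (cs_len,) = struct.unpack_from("!H", body, 5 + pk_len)
        p = 8 + pk_len + cs_len  # past cipher suites and maximum_name_length
        names.append(body[p + 1:p + 1 + body[p]].decode("ascii"))
    return names

def sample_rdata(with_ech):
    """Constructed record: priority 1, target ".", alpn=h2, optional ech."""
    body = (b"\x07" + struct.pack("!HH", 0x0020, 32) + bytes(32)  # dummy zero key
            + struct.pack("!HHH", 4, 1, 1) + b"\x00\x12public.example.com\x00\x00")
    cfg = struct.pack("!HH", ECH_VERSION, len(body)) + body
    ech = struct.pack("!H", len(cfg)) + cfg
    rdata = struct.pack("!H", 1) + b"\x00" + struct.pack("!HH", 1, 3) + b"\x02h2"
    return rdata + (struct.pack("!HH", SVCPARAM_ECH, len(ech)) + ech if with_ech else b"")
```

An empty list from `ech_public_names` means the record does not advertise ECH, so a browser connecting to that site sends the hostname in the clear as before, even with the flag enabled.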
Now You: do you use Secure DNS, ECH and other security/privacy features? (thanks ISO8601 for the tip)