I was wondering if a VPN would add any kind of security or privacy if one is connecting to a host with a client/browser that supports DNS over HTTPS and that host supports encrypted client hello. Is there a way for the ISP or anything in between to shape traffic or even know what is being accessed? The only thing that should be visible is traffic between two IP addresses, right?

  • mintycactus@lemmy.world
    1 year ago

    Currently ENC is supported by Cloudflare only. Cloudflare is a MITM agent between you and the website. A VPN will add another 3rd MITM. Idk if it is a good idea to trust both over the ISP.

    • Skull giver@popplesburger.hilciferous.nl
      1 year ago

      In this instance, Cloudflare’s stronghold over the internet is actually good for privacy because of the design of ECH.

      ODoH + DANE could’ve been better, but nobody implements DANE anymore because people consider DNSSEC to be too hard.