Microsoft has implemented another privacy-related feature in its browser by adding support for Encrypted Client Hello or ECH. Encrypted Client Hello is a mechanism in Transport Layer Security protocol (TLS) that enhances privacy by encrypting all privacy-sensitive parameters of the TLS connection.
TLS is a cryptographic protocol a client (browser) and server use to exchange encryption keys (handshake). The current implementation of TLS leaves several privacy-sensitive parameters—such as Server Name Indication that shows what server communicates with the client—without encryption. The Encrypted Client Hello extension fixes this long-standing privacy leak by providing full handshake encryption and protection from network eavesdropping. You can find an in-depth explanation of Encrypted Client Hello in a post on the official Cloudflare blog. Meanwhile, here is how to enable Encrypted Client Hello in Microsoft Edge 105 (and up) to improve privacy:
- 1. Update Microsoft Edge to version 105 and newer (Beta, Dev, and Canary).
- 2. Place the browser icon on the desktop, right-click it, and select Properties.
- 3. Click the Target field, enter one space, and type --enable-features=EncryptedClientHello. Do not place a period at the end of the line.
- 4. Click Ok to save the changes and launch the browser with the shortcut you have just customized.
- 5. Go to edge://flags/#dns-https-svcb and enable the highlighted flag.
- 6. Repeat the same with the edge://flags/#use-dns-https-svcb-alpn flag.
- 7. Restart the browser.
- 8. Go to Settings > Privacy, search, and services > Security and turn on Use secure DNS.
- 9. Click Choose a service provider and select Cloudflare.
- 10. Restart Microsoft Edge once again.
- 11. Now you can check the status of Encrypted Client Hello by navigating to this webpage. It should display "success" next to the SSL_ECH_STATUS line.
That's it. You can now use Microsoft Edge with extra privacy measures ensuring the browser does not leak parts of your data.
How to improve privacy in Microsoft Edge by enabling Encrypted Client Hello
- aum
- 1
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.