Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking


Cloudflare has enabled Encrypted Client Hello for all customers on free plans, which includes many pirate sites. The new privacy feature makes it impossible for Internet providers to track which websites subscribers visit. As a result, it also renders pirate site-blocking efforts useless, if both the site and the visitor have ECH enabled.

Website blocking has become the go-to anti-piracy measure for the entertainment industries when tackling pirate sites on the internet.

The practice has been around for well over 15 years and has gradually expanded to more than forty countries around the world.

The actual blocking is done by Internet providers, often following a court order. These measures can range from simple DNS blocks to more elaborate schemes involving Server Name Indication (SNI) eavesdropping, or a combination of both.

Thus far, the more thorough blocking efforts have worked relatively well. However, as privacy concerns grew, new interfering technologies have emerged. Encrypted DNS and SNI, for example, made blocking efforts much harder, although not impossible.

Encrypted Client Hello

A few days ago, Internet infrastructure company Cloudflare implemented widespread support for Encrypted Client Hello (ECH), a privacy technology that aims to render web traffic surveillance futile. This means that site blocking implemented by ISPs will be rendered useless in most, if not all cases.

ECH is a newly proposed privacy standard that’s been in the making for a few years. The goal is to increase privacy for Internet users and it has already gained support from Chrome, Firefox, Edge, and other browsers. Users can enable it in the settings, which may still be experimental in some cases.

Cloudflare Browser Test

The main barrier to widespread adoption is that this privacy technology is a two-way street. This means that websites have to support it as well. Cloudflare has made a huge leap forward on that front by enabling it by default on all free plans, which currently serve millions of sites. Other subscribers can apply to have it enabled.

“Cloudflare is a big proponent of privacy for everyone and is excited about the prospects of bringing this technology to life,” Cloudflare writes in its announcement.

“Encrypted Client Hello (ECH) is a successor to ESNI and masks the Server Name Indication (SNI) that is used to negotiate a TLS handshake. This means that whenever a user visits a website on Cloudflare that has ECH enabled, no one except for the user, Cloudflare, and the website owner will be able to determine which website was visited.”
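What an on-path observer can read from a TLS ClientHello, as an added example that is not part of the original article: the parser below extracts the cleartext SNI and flags the `encrypted_client_hello` extension, whose outer SNI carries only the provider's shared public name. The sample handshakes are constructed, the hostnames `blocked.example` and `public.example` are placeholders, and the ECH payload is an opaque stand-in rather than real ciphertext.

```python
import struct

EXT_SNI = 0x0000
EXT_ECH = 0xFE0D  # encrypted_client_hello codepoint used by the ECH drafts

def build_client_hello(sni, with_ech=False):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    name = sni.encode("ascii")
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", EXT_SNI, len(sni_data)) + sni_data
    if with_ech:
        blob = b"\x00" + b"\xaa" * 40  # opaque stand-in for the encrypted inner hello
        exts += struct.pack("!HH", EXT_ECH, len(blob)) + blob
    body = (b"\x03\x03" + bytes(32) + b"\x00"     # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def observe(record):
    """Return (visible_sni, ech_present) as read from the cleartext handshake."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a TLS ClientHello record")
        body = record[9:9 + int.from_bytes(record[6:9], "big")]
        pos = 2 + 32                                        # skip version and random
        pos += 1 + body[pos]                                # session id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher suites
        pos += 1 + body[pos]                                # compression methods
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        sni, ech = None, False
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            if len(data) != ext_len:
                raise ValueError("truncated extension")
            if ext_type == EXT_SNI and data[2] == 0:        # name_type 0 = host_name
                n = struct.unpack_from("!H", data, 3)[0]
                sni = data[5:5 + n].decode("ascii", "replace")
            elif ext_type == EXT_ECH:
                ech = True
            pos += 4 + ext_len
        return sni, ech
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
```

Without ECH the observer reads the real hostname; with ECH it reads only the shared public name plus the fact that ECH is in use, which is why hostname-based filtering can no longer tell sites behind the same provider apart.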

ECH Defeats Site Blocking

The push for increased privacy is well-intended, but for rightsholders it represents a major drawback too; when correctly configured, ECH defeats site-blocking efforts. Tests conducted by TorrentFreak show that ISP blocking measures in the UK, the Netherlands, and Spain were rendered ineffective.

This doesn’t automatically apply to all blocked sites, as the sites must have ECH enabled too. We have seen mixed results for The Pirate Bay, perhaps because it has a paid Cloudflare plan, but other pirate sites are easily unblocked.

This new privacy feature hasn’t gone unnoticed by pirate site operators. The people behind the Spanish torrent site DonTorrent, which had dozens of domains blocked locally, are encouraging users to try ECH.

“Before ECH, your online privacy was like a secret whispered in the wind, easily picked up by prying ears. But now, with ECH by your side, your data is like hidden treasure on a remote island, inaccessible to anyone trying to get there without the right key,” DonTorrent notes.

“This feature encrypts your data so that neither ISPs nor organizations like ACE and MPA [can] censor, persecute and intimidate websites that they consider ‘illegal’,” the site adds in a fairly satirical blog post.

Privacy vs. Piracy

Cloudflare and other tech companies are not supporting ECH to make site-blocking efforts obsolete. However, this privacy progress likely won’t be welcomed by rightsholders, who’ve repeatedly criticized Cloudflare for hiding the hosting locations of pirate sites.

TorrentFreak reached out to a major anti-piracy organization for a comment on these new developments, but we have yet to receive an on-the-record response. It wouldn’t be unthinkable, however, that we will see more blocking lawsuits against Cloudflare in the future.

For now, Cloudflare isn’t mentioning blocking at all. Instead, it is simply excited about making the Internet more private and secure for everyone.

“If you’re a website, and you care about users visiting your website in a fashion that doesn’t allow any intermediary to see what users are doing, enable ECH today on Cloudflare,” the company writes.

“Over time, we hope others will follow our footsteps, leading to a more private Internet for everyone. The more providers that offer ECH, the harder it becomes for anyone to listen in on what users are doing on the Internet. Heck, we might even solve privacy for good.”

Update October 17: Cloudflare disabled broad ECH support for now.

* Note: We initially had trouble getting ECH to work. As it turns out, some ‘web shield’ functionalities in anti-virus software can cause issues.

