How to improve privacy in Microsoft Edge by enabling Encrypted Client Hello

A Microsoft Edge logo next to a handshake and lock emoji

Microsoft has implemented another privacy-related feature in its browser by adding support for Encrypted Client Hello or ECH. Encrypted Client Hello is a mechanism in Transport Layer Security protocol (TLS) that enhances privacy by encrypting all privacy-sensitive parameters of the TLS connection.

TLS is a cryptographic protocol a client (browser) and server use to exchange encryption keys (handshake). The current implementation of TLS leaves several privacy-sensitive parameters—such as Server Name Indication that shows what server communicates with the client—without encryption. The Encrypted Client Hello extension fixes this long-standing privacy leak by providing full handshake encryption and protection from network eavesdropping. You can find an in-depth explanation of Encrypted Client Hello in a post on the official Cloudflare blog. Meanwhile, here is how to enable Encrypted Client Hello in Microsoft Edge 105 (and up) to improve privacy:

  1. Update Microsoft Edge to version 105 and newer (Beta, Dev, and Canary).
  2. Place the browser icon on the desktop, right-click it, and select Properties.
  3. Click the Target field, enter one space, and type --enable-features=EncryptedClientHello. Do not place a period at the end of the line.A screenshot showing Microsoft Edge properties window with the ECH line
  4. Click Ok to save the changes and launch the browser with the shortcut you have just customized.
  5. Go to edge://flags/#dns-https-svcb and enable the highlighted flag.
  6. Repeat the same with the edge://flags/#use-dns-https-svcb-alpn flag.A screenshot showing experimental flags necessary for enabling ECH in Edge
  7. Restart the browser.
  8. Go to Settings > Privacy, search, and services > Security and turn on Use secure DNS.
  9. Click Choose a service provider and select Cloudflare.A screenshot showing DNS settings necessary for enabling ECH in Edge
  10. Restart Microsoft Edge once again.
  11. Now you can check the status of Encrypted Client Hello by navigating to this webpage. It should display "success" next to the SSL_ECH_STATUS line.A screenshot showing a test web page confirming ECH running in Edge

That's it. You can now use Microsoft Edge with extra privacy measures ensuring the browser does not leak parts of your data.

Report a problem with article
The official Spotify Website showing the three months of premium for free promo
Next Article

Spotify extends free trial to three months, offers discount to returning subscribers

Previous Article

Emergency alerts to roll out in the UK starting from October

Join the conversation!

Login or Sign Up to read and post a comment.

3 Comments - Add comment