Microsoft has implemented another privacy-related feature in its browser by adding support for Encrypted Client Hello or ECH. Encrypted Client Hello is a mechanism in Transport Layer Security protocol (TLS) that enhances privacy by encrypting all privacy-sensitive parameters of the TLS connection.
TLS is a cryptographic protocol a client (browser) and server use to exchange encryption keys (handshake). The current implementation of TLS leaves several privacy-sensitive parameters—such as Server Name Indication that shows what server communicates with the client—without encryption. The Encrypted Client Hello extension fixes this long-standing privacy leak by providing full handshake encryption and protection from network eavesdropping. You can find an in-depth explanation of Encrypted Client Hello in a post on the official Cloudflare blog. Meanwhile, here is how to enable Encrypted Client Hello in Microsoft Edge 105 (and up) to improve privacy:
- Update Microsoft Edge to version 105 and newer (Beta, Dev, and Canary).
- Place the browser icon on the desktop, right-click it, and select Properties.
- Click the Target field, enter one space, and type --enable-features=EncryptedClientHello. Do not place a period at the end of the line.
- Click Ok to save the changes and launch the browser with the shortcut you have just customized.
- Go to edge://flags/#dns-https-svcb and enable the highlighted flag.
- Repeat the same with the edge://flags/#use-dns-https-svcb-alpn flag.
- Restart the browser.
- Go to Settings > Privacy, search, and services > Security and turn on Use secure DNS.
- Click Choose a service provider and select Cloudflare.
- Restart Microsoft Edge once again.
- Now you can check the status of Encrypted Client Hello by navigating to this webpage. It should display "success" next to the SSL_ECH_STATUS line.
That's it. You can now use Microsoft Edge with extra privacy measures ensuring the browser does not leak parts of your data.