Possibly the domain is visible with a traffic monitoring tool. Everything else is between you and the bank via HTTPS. Having said that, whatever is not over https is visible to whoever sits on the same network as yourself.
But you can see the ip address, which will id the bank. They can derive other information by ip addresses or leaked data and there’s still things using unencrypted connections even today. I generally just connect to my home vpn so at least it’s inly my isp spying on me.
With TLS and DoH, how is your bank and other information leaked?
Possibly the domain is visible with a traffic monitoring tool. Everything else is between you and the bank via HTTPS. Having said that, whatever is not over https is visible to whoever sits on the same network as yourself.
Importantly, you probably don’t know what all is encrypted in every app you use on your phone, so it’s best practice to encrypt the transport.
He said “which bank”, which could be determined by the sniffing DNS requests, or seeing which IPs his computer is connecting to.
Not a breach of his personal information (assuming the bank that he’s using and the client he’s using after putting everything in TLS properly).
But with DoH you can’t sniff the DNS, that’s the whole point.
But you can see the ip address, which will id the bank. They can derive other information by ip addresses or leaked data and there’s still things using unencrypted connections even today. I generally just connect to my home vpn so at least it’s inly my isp spying on me.
Generally you can also read the SNI.
I think this is one of the things that ech is meant to solve. But ech/esni is still not widespread on smaller sites yet I think.
You actually still can. Have a look at DNS fingerprinting