While ECH Adoption Is Low, Risks Remain for Enterprises TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityDPRK's 'Contagious Interview' Spawns Malicious Npm Package FactoryDPRK's 'Contagious Interview' Spawns Malicious Npm Package FactorybyElizabeth Montalbano, Contributing WriterDec 2, 20255 Min ReadApplication SecurityPrompt Injections Loom Large Over ChatGPT's Atlas BrowserPrompt Injections Loom Large Over ChatGPT's Atlas BrowserbyAlexander CulafiNov 26, 20256 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllApplication SecurityLINE Messaging Bugs Open Asian Users to Cyber EspionageLINE Messaging Bugs Open Asian Users to Cyber EspionagebyTara SealsNov 21, 20257 Min ReadEndpoint SecurityChina's 'PlushDaemon' Hackers Infect Routers to Hijack Software UpdatesChina's 'PlushDaemon' Hackers Infect Routers to Hijack Software UpdatesbyNate Nelson, Contributing WriterNov 20, 20253 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryData PrivacyCyber RiskCybersecurity OperationsСloud SecurityCommentaryNews, news analysis, and commentary on the latest trends in cybersecurity technology.While ECH Adoption Is Low, Risks Remain for Enterprises, End UsersIs the new privacy protocol helping malicious actors more than Internet users?December 2, 20254 Min ReadSource: HA Photos via Alamy Stock PhotoCOMMENTARYTwo years ago, the introduction of Encrypted Client Hello (ECH) divided enterprise cybersecurity professionals and privacy advocates. An extension to the Transport Layer Security (TLS) 1.3 internet encryption standard, ECH protects communications between an endpoint device and a web server. While ECH increased user privacy, it reduced visibility, which is not so great for security.You are already familiar with TLS: the padlock symbol and https designation in the address bar of your browser indicate the website uses this Internet standard. However, this only means that the content between the client machine and the server is encrypted after the connection has been established. The client machine could still reveal the domain of the website it's attempting to visit before the encrypted connection is established with the server. The destination website or server address can be visible to mobile operators, ISPs, enterprise security teams, and bad actors, even when the user and the server take precautions to avoid it.The goal of ECH was to increase user privacy by encrypting the content exchanged between clients and servers before they establish the encrypted connection.  But while ECH offers increased user privacy, it comes at the expense of visibility, or being able to detect and respond to threats. Cybersecurity tools such as Secure Web Gateways and Next Generation Firewalls need visibility of the domains the user is trying to access. Without that visibility, enterprises would be hampered in their efforts to identify and block connections to malicious domains. Related:BCI: The Stuff of Nightmares or Dreams?This tradeoff is particularly relevant for banks and enterprises in other heavily regulated industries since they are often required to monitor all incoming and outgoing internet traffic. Before ECH, these tools could decrypt traffic selectively, without looking at sensitive data such as employee PII [personally identifiable information]. But organizations where ECH blocks those filtering tools have to decrypt all traffic in order to remain compliant with regulations — which further degrades user privacy.Earlier this year, we studied billions of connections to try to understand ECH adoption and its impact on enterprise users. That analysis brought good news and bad news: while overall adoption is very low, malicious and risky sites are already taking advantage of the security blind spot to gain a foothold among sites using ECH.Who is Using ECH?Not many. Slightly less than 10% of the top million websites (by traffic) support ECH, and just 0.06% of connections actually use ECH. This is due to a combination of device side and server side factors. Related:Gaps in California Privacy Law: Half of Data Brokers Ignore RequestsWidespread adoption of ECH requires support on both the client and server side.From the client side, users need a browser that supports ECH — Chrome and Firefox, for example — and configure the system to use Encrypted DNS to hide their DNS queries and access a compatible resolver. On the mobile front, Apple's iOS doesn’t support ECH, and just 30% of Android devices in our study use a browser that is ECH-compatible and have configured their device to use encrypted DNS.On the server side, the simplest way for a website to enable ECH is to work with a content delivery network (CDN) that supports it. Today, the only major CDN that supports ECH is Cloudflare. With very, very few exceptions, all of the sites supporting ECH are using Cloudflare infrastructure. In fact, ECH adoption levels are highest among less popular sites. We found that just 3% of the 1,000 most popular sites and just 1% of the top 100 use Cloudflare infrastructure and support ECH. Small Adoption, But Risks RemainEven if less than one-tenth of one percent of internet connections are using ECH, there are real warning signs among the websites that have adopted ECH for enterprise security professionals to worry about. Related:Digital Fingerprints Test Privacy Concerns in 2025Bad actors have recognized the opportunity presented by Cloudflare's infrastructure — our analysis found that over 90%    of phishing sites used Cloudflare infrastructure.      Enterprise security professionals need to take these threats seriously. Because of ECH, security leaders today can be less confident in their ability to protect their users against phishing attempts and other threats.  Where ECH Goes From HereThe introduction of ECH led many security professionals to worry that their tools would become less effective. Yet our research shows that kind of "visibility apocalypse" is a long way away, as there are major barriers to adoption on both the user and infrastructure side, particularly for Android and iOS mobile devices. We're unlikely to see a major shift in adoption by either of these user bases in the short or medium term. Enterprise security teams can breathe a sigh of relief knowing that our worst fears around ECH haven't come to pass. But tracking the adoption and impact of ECH are no longer optional — information security professionals must stay vigilant to protect their organizations against malicious actors taking advantage of a new cloak of secrecy. More InsightsIndustry ReportsThe Cloud is No Longer EnoughForrester Wave: for Network Analysis and Visibility Solutions, Q4 2025Gartner Magic Quadrant for Network Detection and Response, 20252025 State of Threat Intelligence: What it means for your cybersecurity strategyState of AI and Automation in Threat IntelligenceAccess More ResearchWebinarsIdentity Security in the Agentic AI EraHow AI & Autonomous Patching Eliminate Exposure RisksSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMore WebinarsYou May Also LikeLatest Articles in DR TechnologyNew Raptor Framework Uses Agentic Workflows to Create PatchesDec 2, 2025|3 Min ReadVision Language Models Keep an Eye on Physical SecurityNov 24, 2025|5 Min ReadHow We Ditched the SaaS Status Quo for Time-Series TelemetryNov 18, 2025|4 Min ReadNew Startup Mate Launches With AI-Driven Security Operations PlatformNov 17, 2025|2 Min ReadRead More DR TechnologyDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

The introduction of Encrypted Client Hello (ECH) represents a complex and, to date, largely unrealized attempt to bolster user privacy within internet communication. As reported by TechTarget’s Digital Business Combine, ECH, an extension of Transport Layer Security (TLS) 1.3, aims to encrypt the “hello” message exchanged between an endpoint device and a web server, thereby obscuring the destination website address from entities such as mobile operators, Internet Service Providers (ISPs), and enterprise security teams. However, despite its potential benefits, ECH adoption remains strikingly low, presenting significant challenges and potential risks for enterprise cybersecurity.

The core issue lies in the fragmented nature of ECH implementation. While the technology itself is sound, widespread adoption is hampered by the necessity for compatibility across both the client-side (browser support and configured encrypted DNS) and the server-side (primarily leveraging Content Delivery Networks, or CDNs). TechTarget’s analysis reveals that, as of late 2025, less than 10% of the top million websites utilize ECH, and an even smaller fraction—0.06% of connections—actually employ it. The overwhelming reliance on Cloudflare’s infrastructure for ECH support (approximately 90% of ECH-enabled sites) further concentrates the risk. This concentration is exacerbated by the fact that Cloudflare is frequently utilized by phishing sites, presenting a notable vulnerability. The analysis underscores the critical point that the apparent disappearance of visibility due to ECH is, in reality, a shifting of the risk, not elimination.

The low adoption rate presents a concerning trend. Malicious actors have recognized and exploited this new level of obscurity. TechTarget’s findings indicate that over 90% of phishing attempts are routed through Cloudflare, highlighting a significant gap in enterprise security defenses. Traditional security tools, relying on visibility of domain names, become less effective when the destination is masked by ECH. Organizations subject to regulatory compliance requirements, particularly in heavily regulated sectors like banking, face additional challenges. These entities are mandated to monitor all internet traffic, rendering their existing security infrastructure less capable of detecting and mitigating threats originating from obscured connections. The lack of visibility forces security leaders to employ more intrusive techniques, potentially degrading user experience and hindering productivity – a trade-off that was anticipated but has yet to fully materialize in terms of broad ECH deployment.

Looking forward, TechTarget’s analysis suggests a cautious approach. The ‘visibility apocalypse’ feared by many security professionals appears unlikely to occur in the short to medium term, largely due to the considerable hurdles surrounding widespread client-side and infrastructure adoption, particularly concerning Android and iOS devices. However, consistent monitoring of ECH’s adoption and impact remains crucial. TechTarget’s research emphasizes that this is no longer an optional exercise for information security professionals; it's a necessary component of risk management. The challenge lies in adapting security strategies to account for this evolving threat landscape, acknowledging that ECH has not dissolved visibility entirely but has simply redirected it, demanding a heightened awareness of the potential for attacks through previously unseen channels.