Similarly, they can still see the IP being connected to and in many but not all cases that's as good as seeing the domain name. The collateral damage can deter some of the blocking but I don't think it stops it in general. For IPv6, there's also generally not IP reuse like that.
There are some potential privacy issues with DNS-over-TLS and DNS-over-HTTPS due to implementations reusing connections. It mostly applies to using DNS-over-{TLS,HTTPS} with a VPN or Tor though. Without a VPN or Tor, the source IP address is enough to tie together the requests anyway.
Where are you getting the assumption that CGN is widely used from? In most of Europe it most certainly is not. I can't imagine that it's significantly different in the US, and as far as I know there hasn't been a paper that covers this.
Number of ppl is much larger than IPv4 space, especially the portion available for use as ISP customer addresses.
I am well aware of that, which is why local NAT at the office and home router is used. The only place CGN is widely required is cellphones, which are slowly moving to IPv6 (using NAT64 for access to legacy).
Are you living in the 90s? "Only cell phones" is like "only nearly all users".
Cellphones don't run Firefox! The Firefox on cell phones is a skin on top of Chrome!
The main Firefox browser is never a skin on top of Chrome. On iOS, every browser uses the Safari rendering engine, but on Android browsers can and do often supply their own rendering engine (including forks of Chromium) rather than the WebView.
Also, see android-developers.googleblog.com/2018/04/dns-ov.
We're not talking about the rendering engine, we're talking about the connection backend
Firefox doesn't use Chromium's networking stack on Android. I specifically mentioned the rendering engine because you can supply your own networking stack on iOS. iOS forces you to use the Safari-based WebView for rendering, but you can handle all the connections on your own.


