You can already see what site someone visits with HTTPS. It's in the Client Hello, and is important for things like L4 load balancing (e.g. HAProxy can look at the host to choose what backend to forward the TCP packets for that connection to without terminating TLS). It's also important for network operators (e.g. you at home) to be able to filter unwanted traffic (e.g. Google's).
I don't think seeing the site is too important, although there are TLS extensions to encrypt that, too[0]. In practice, a huge chunk of sites still have unique IPs, so seeing that someone is connecting to 1.2.3.4 gives you a pretty good idea of what site they're visiting. That's even easier if they're using plaintext DNS (i.e. instead of DoH) so that you can correlate "dig -t a example.com => 1.2.3.4" followed immediately by a TCP connection to 1.2.3.4. CDNs like Cloudflare can mitigate that for a lot of sites, but not millions of others.
However, the page you're fetching from that domain is encrypted, and that's vastly more sensitive. It's no big deal to visit somemedicinewebsite.com in a theocratic region like Iran or Texas. It may be a very big deal to be caught visiting somemedicinewebsite.com/effective-abortion-meds/buy. TLS blocks that bit of information. Today, it still exposes that you're looking at plannedparenthood.com, until if/when TLS_ECH catches on and becomes pervasive. That's a bummer. But you still have plausible deniability to say "I was just looking at it so I could see how evil it was", rather than having to explain why you were checking out "/schedule-an-appointment".
[0]https://developers.cloudflare.com/ssl/edge-certificates/ech/
The CIA’s website was a very early adopter of HTTPS across the board, for this very reason.
Most of the site hosted general information about the agency and its functions, but they also had a section where you could provide information.
Great point, and an excellent illustration. If it was trivial for an adversary to see that some people were visiting http://cia.gov/visitor-center-and-gift-shop-hours, but others were visiting https://cia.gov/[we-can't-see-this-part], they'd know exactly who to concentrate their rubber hose cryptography efforts on.
> But you still have plausible deniability to say "I was just looking at it so I could see how evil it was", rather than having to explain why you were checking out "/schedule-an-appointment".
TLS traffic analysis can still reveal which pages you accessed with some degree of confidence, based on packet sizes, timings, external resources that differ between pages (e.g. images)
https://blog.cloudflare.com/announcing-encrypted-client-hell...
Yes that's why I listed a couple reasons why adopting ECH everywhere is not straightforwardly all good. The network operator one in particular is I think quite important. It happens that the same company with the largest pushes for "privacy" (Google) has also been constantly making it more difficult to make traffic transparent to the actual device owner (e.g. making it so you can't just drop a CA onto your phone and have all apps trust it). Things like DoH, ECH, and ubiquitous TLS (with half the web making an opaque connection to the same Cloudflare IPs) then become weaponized against device owners.
AFAIK it's still not that widely adopted or can be easily blocked/disabled on a network though.
That sounds like an Android issue, not a TLS issue. If I need to break TLS I can add my own CA. Not having TLS is not the solution. Google will find other ways to take control from you.