I was wondering if a VPN would add any kind of security or privacy if one is connecting to a host with a client/browser that supports DNS over HTTPS and that host supports encrypted client hello. Is there a way for the ISP or anything in between to shape traffic or even know what is being accessed? The only thing that should be visible is traffic between two IP addresses right?
The DNS traffic might be encrypted but that doesn’t mean that other protocols are. A VPN tunnel encrypts all traffic passing through regardless of protocol.
This is the correct answer. A VPN encrypts and obfuscates all your connections, not just the web browser.
If all you care about is hiding the websites you visit from your ISP, DNS over TLS is fine. But just remember that you’re bleeding data by using your real IP (ISP, geolocation, etc.). And any other connection, is just unabashedly, you.
Well I was mostly thinking about Usenet but I guess everything else applies. Websites really can leak everything.
But so does TLS right?
Yes, HTTPS traffic is encrypted also, but I wouldn’t trust that all of your activity online is hidden just because DNS and HTTPS are encrypted.
Up to you, but I use a VPN when online.