(no title)

1. during the TLS handshake, the domain name itself might be sent in the clear if the SNI extension is used, and if the SNI extension isn't encrypted[1]

2. if the carrier knows the IP, then they can do a reverse DNS lookup to find the domain name

[1] https://stackoverflow.com/questions/499591/are-https-urls-en...