
because you're comparing it wrong!

In your mind, SSL won't leak anything, and non-SSL leaks everything.

Make a list of everything you can infer, without a cert, by looking at an SSL connection. Then add on top of that all the things people with the cert or control over CAs can see, and make a list of them all.

When you're done you'll notice SSL is not as perfect as you think, and the extra request and lack of caching compound all that.



> Make a list of everything you can infer, without a cert, by looking at an SSL connection

This exactly, and not just connection but connections, plural. If the network observes my encrypted connection to ocsp.apple.com followed by another encrypted connection to adobegenuine.com, an analyst could reasonably assume I'd just opened an Adobe Creative Suite app. Or if they see ocsp.apple.com followed by update.code.visualstudio.com, I probably just opened VSCode. Auto-updaters are the same kind of privacy scourge and every additional connection makes it worse.

Citations:

- https://helpx.adobe.com/enterprise/kb/network-endpoints.html

- https://code.visualstudio.com/docs/setup/network
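Added example, written for this thread rather than taken from either commenter: a self-audit over a constructed log of TLS SNI hostnames (the part an on-path observer sees without any certificate), pairing each ocsp.apple.com connection with a vendor endpoint that follows it within a short window. The two endpoints come from the citations above; the endpoint-to-application mapping and the 10-second window are assumptions.

```python
from datetime import datetime, timedelta

# Assumed mapping of vendor endpoints to the application whose launch they suggest.
# The hostnames come from the cited vendor docs; the pairing itself is an assumption.
APP_ENDPOINTS = {
    "adobegenuine.com": "Adobe Creative Suite app",
    "update.code.visualstudio.com": "VSCode",
}
TRIGGER = "ocsp.apple.com"      # Apple's OCSP responder, contacted when a signed app opens
WINDOW = timedelta(seconds=10)  # assumed: how closely the two connections must follow


def parse_line(line):
    """Parse one constructed log line of the form '<ISO timestamp> <SNI hostname>'."""
    ts, host = line.split()
    return datetime.fromisoformat(ts), host


def infer_app_launches(lines, window=WINDOW):
    """Return (timestamp, app) guesses a passive observer could make from SNI alone:
    a TRIGGER connection followed within `window` by a known vendor endpoint is read
    as that application being opened. Unpaired TRIGGER hits reveal nothing specific."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    launches = []
    pending = None  # timestamp of the most recent TRIGGER not yet paired
    for ts, host in events:
        if host == TRIGGER:
            pending = ts
        elif pending is not None and host in APP_ENDPOINTS and ts - pending <= window:
            launches.append((ts.isoformat(), APP_ENDPOINTS[host]))
            pending = None
    return launches


# Constructed sample log: no plaintext at all, only who the device talked to and when.
SAMPLE_LOG = """\
2024-01-01T09:00:00 ocsp.apple.com
2024-01-01T09:00:02 adobegenuine.com
2024-01-01T09:05:00 ocsp.apple.com
2024-01-01T09:05:01 update.code.visualstudio.com
2024-01-01T09:30:00 ocsp.apple.com
2024-01-01T09:45:00 adobegenuine.com
"""

if __name__ == "__main__":
    for when, app in infer_app_launches(SAMPLE_LOG.splitlines()):
        print(f"{when}: likely opened {app}")
```

The third ocsp.apple.com hit is followed by a vendor endpoint only 15 minutes later, outside the window, so it yields no guess; every additional always-on connection (updaters included) adds another such pairing opportunity.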
