Reply to post: Re: you've forgotten about something

What the Investigatory Powers Bill will mean for your internet use

chelonautical

Re: you've forgotten about something

Yes, Server Name Indication is visible on the wire in plaintext as part of the initial TLS Client Hello. I've seen it myself in Wireshark traces of HTTPS connections. Use of SNI is common nowadays since many web servers host multiple sites and need that information to present the correct server certificate.

Don't forget that the domain name of a web site could potentially reveal a great deal of personal information about the person accessing it, even if the individual pages and requests are hidden. Visiting a website for a divorce lawyer likely indicates a relationship in trouble, visiting certain adult sites may reveal sexual orientation or fetishes, visiting a payday loan company could reveal financial troubles etc etc. For this reason we should still be concerned about government plans to keep lists of visited domains. Also, whilst "use HTTPS" is good advice as far as it goes, there's a danger that the mantra becomes a substitute for deeper understanding of the risks involved.

Having said that, thanks for doing an article about internet security in simple language. I've been looking for something I can show friends and family about the topic in words they can grasp. I'm not ready to show it to them in its current form: many commenters have pointed out various flaws in the text as written. With a bit of redrafting, it could become a really nice starter article for those who want to improve their awareness.
