It would not be hard at all. China, Iran and Russia already do that. Clienthello is not encrypted and that is all you need.
And ECH would not solve this as you can just block cloudflare-ech (or other, depending on CDN) domain itself and force clients to fallback to non-encrypted clienthello.
Everyone gansta till DPI system is installed.
Does it require to be enabled at compilation, or it can be toggled at any time?
Most C binaries usually do not contain everything needed for their execution. It would make them too platform-specific. What most c programs do is that they use standard c library from platform for low-level things and communication with the system like memory allocation or stdin/stdout things, for example.
I would say, that from most important to least important components are:
It is extremely fast and simple. Also, it has its own “aur”, called xbps-src. But nowadays void is not just xbps, it is also defined by runit (which is also extremely fast and simple) and minimalist dependencies (you will have to manually install many things, that other distributions ship reinstalled, in case you need them. By the way, if you prefer GUI package manager, there is octoxbps (not an advantage of xbps, but you might want that when you try void linux).
Void was created just for testing xbps. Without xbps there would be no Void.
Alternative solution: Since YouTube disabled all ads in Russia, you can just use russian vpn/proxy for the most effective YouTube adblocking possible.
Same design, different technologies. LXDE was dropped in favor of lxqt. In terms of performance both are almost the same, but in the future, when all of old code will be dropped from lxqt, it would be lighter. Also lxqt looks more modern compared to lxde.
If you want sane defaults, try lxqt. It is still a huge improvement in performance after cinnamon, but you don’t have to manually configure everything like in WMs.
I, personally, use Void Linux, which is a ‘flagship’ runit distro. But if you want a bigger package repository, then devuan is also a good choice.
Basically, if you do not see any reason to switch from systemd then you should not. The thing with systemd is that it is really big and complicated. If you just use defaults of your distro systemd works just fine, but if you want to (or have to) change something fundamental, then dealing with this monstrosity becomes a bit of pain. You basically end with the situation where you are in a war with your own PC. After some time of this, dealing with an init system that does exactly what you tell it to do feels refreshing. There is also the part, where some init systems (sysVinit and runit) boot faster then others (openRC and systemd), but it is not that significant. I use runit BTW. With my setup I spend much less time dealing with runit then I used to with systemd. That being said I still miss some of systemd features.
TLS clienthello contains unencrypted string, called SNI, that contains the domain of a destination web site. It must be unencrypted to work, because web sites read this string to determine which certificate to use.
You do not break encryption. It is unencrypted by design.
With all due respect, but it seams to me that you do not quite understand how HTTPS works. For encryption it relies on TLS protocol. And TLS does not encrypt everything, it encrypts only payload, but it also has to share some additional data to even establish encrypted connection. The majority of that work is done by exchanging clienthello and serverhello. To do that client has to clarify what server he is even trying to reach as there can be multiple servers on IP, but they have separate certificates, support different cyphers etc. For that a string “SNI”, that contains domain name is used. Only after client and server exchange all the necessary information encrypted conversation can start. So, by looking into clienthello and reading SNI any MITM can determine what web site are you trying to reach.