SSL – Does SNI represent a privacy concern for the website visitors?

https privacy sni ssl

Firstly, I'm sorry for my bad English. I'm still learning it. Here it goes:

When I host a single website per IP address, I can use "pure" SSL (without SNI), and the key exchange occurs before the user even tells me the hostname and path that he wants to retrieve. After the key exchange, all data can be securely exchanged. That said, if anybody happens to be sniffing the network, no confidential information is leaked* (see footnote).

On the other hand, if I host multiple websites per IP address, I will probably use SNI, and therefore my website visitor needs to tell me the target hostname before I can provide him with the right certificate. In this case, someone sniffing his network can track all the website domains he is accessing.

Are there any errors in my assumptions? If not, doesn't this represent a privacy concern, assuming the user is also using encrypted DNS?

Footnote: I also realize that a sniffer could do a reverse lookup on the IP address and find out which websites were visited, but the hostname travelling in plaintext through the network cables seems to make keyword-based domain blocking easier for censorship authorities.

Best Answer

Your analysis is incorrect. You are more secure with SNI than without.

Without SNI, the IP address uniquely identifies the host. Thus anyone who can determine the IP address can determine the host.

With SNI, the IP address does not uniquely identify the host. Someone would have to actually intercept and view some of the traffic to determine the exact host. This is more difficult than just obtaining the IP address.

So you are (slightly) more secure with SNI than without it.

Anyone who is going to block based on an intrusive analysis of packet data is going to also block based on IP address. They will block the "bad ones" based on IP address with or without SNI.

However, the answer to your question is "yes". SNI does represent a privacy concern. With SNI, someone who can intercept the traffic does get the host name in addition to the IP address.