What’s your issue with SNI/threat model? If you use a non-SNI site, anyone can tell which site you are visiting since there’s only one domain on that IP.
Seconding that curiosity. Pretty much every web server I've built uses SNI (at least if it's hosting sites under multiple domains), and the only "downside" of which I'm aware is the lack of IE6 support.
There is a difference between making something "impossible" and making something "easier". Performing reverse DNS lookups, or otherwise trying to maintain a global table of 1:1 domain:IP mappings and perform lookups in real-time, is nowhere near as easy or reliable as sniffing SNI. IME, it is neither easy nor reliable, nor worth the effort. SNI is the preferred method. SNI is easier. SNI is 100% reliable for detecting what hostname the user is trying to access.
What is the point of so-called "DNS privacy/Private DNS" if "anyone can tell which site you are visiting" simply by observing IP addresses, without any need to see domain names?
If SNI (plaintext hostnames sent over the wire) is a non-issue, then why are people working on encrypted Client Hello in TLS 1.3?