Because you are lying about what domain you want to access.
This is against the TOS, and simply something you should not do.
I know it helps signal to get around censorship and blocks, and it's technically working, but one should not do that.
I'm not lying about anything. This entire system is designed so that the user can get what they're looking for, and the user is using it to get what they're looking for.
Whether doing this as AWS's customer breaks their TOS is up for debate, but it's a fairly moot one as Amazon could easily change their TOS.
You are only pretending to contact a certain address during the (short) unencrypted phase of the request. As soon as encryption is present you reveal the real address you want to talk to.
Because you are lying about what domain you want to access. This is against the TOS, and simply something you should not do. I know it helps signal to get around censorship and blocks, and it's technically working, but one should not do that.