Geekzone: technology news, blogs, forums
timmmay
#812797 7-May-2013 13:34

Does https hide the URL or does it just encrypt the content of the request/response? I thought the URL was still clear text, but perhaps it creates an encrypted connection with the server then requests the URL.

Anyone with low level access will be able to tell what server you're addressing even if the full URL is hidden.



kyhwana2
#812812 7-May-2013 13:43

timmmay: Does https hide the URL or does it just encrypt the content of the request/response? I thought the URL was still clear text, but perhaps it creates an encrypted connection with the server then requests the URL.

Anyone with low level access will be able to tell what server you're addressing even if the full URL is hidden.


The entire URL is encrypted. Other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to.
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.


ajobbins
#813120 7-May-2013 18:33

freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



Was this because she saw the URL, or the scantily clad attractive young female that often featured on the GoDaddy homepage?




Twitter: ajobbins




freitasm
#813122 7-May-2013 18:36

The URL...






ajobbins
#813125 7-May-2013 18:40

freitasm: The URL...


Google Images




Twitter: ajobbins


Klipspringer
#813127 7-May-2013 18:42

ajobbins:
freitasm: The URL...


Google Images


LOL brilliant


 
 
 
 

Klipspringer
#813131 7-May-2013 18:52

kyhwana2: 
The entire URL is encrypted. Other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to.
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to Google Chrome and Internet Explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)



maverick
#813133 7-May-2013 18:55

freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



sure it wasn't whosyourdaddy.com Wink




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

antoniosk
#813142 7-May-2013 19:11

maverick:
freitasm: Many years ago my (then) girlfriend looked at my monitor and asked "Are you looking at porn sites?"...

The url was "godaddy.com".

True story.



sure it wasn't whosyourdaddy.com Wink


hahahahahahahahaahahahahahaha 




________

 

Antoniosk


freitasm
#813145 7-May-2013 19:14

ajobbins:
freitasm: The URL...


Google Images


Thanks for pointing these out. I have never noticed this before.

Innocent






richms
#813179 7-May-2013 19:34

Phone calls are a whole nother matter tho. It's why people I know with partners working at a telco always have their mobile with the other telco ;)




Richard rich.ms

 
 
 
 

Kyanar
#813444 8-May-2013 07:57

Klipspringer:
kyhwana2: 
The entire URL is encrypted. Other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to.
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to Google Chrome and Internet Explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)




How is that problem solved?  The DNS request is still unencrypted, and still has to pass through the Layer 7 appliances your ISP has, so it can still be read if they had any inclination to.  The important thing is that your ISP doesn't have any inclination to.

timmmay
#813449 8-May-2013 08:01

You may be able to get around that by using Google DNS, but is there such a thing as secure DNS? That would be a great way to slow DNS down, as the overhead of setting up a secure connection isn't trivial.

Klipspringer
#813465 8-May-2013 08:19

Kyanar:
Klipspringer:
kyhwana2: 
The entire URL is encrypted. Other than a DNS request for example.com, all your ISP will see is an encrypted connection on port 443 to whatever IP example.com resolves to.
If they don't check the DNS requests, all they'd see is the IP and you can host multiple domains/websites on a single IP address.



The DNS leak is only limited to Google Chrome and Internet Explorer. Firefox has the ability to send DNS requests via the proxy. Problem solved :-)




How is that problem solved?  The DNS request is still unencrypted, and still has to pass through the Layer 7 appliances your ISP has, so it can still be read if they had any inclination to.  The important thing is that your ISP doesn't have any inclination to.


Because the DNS request is sent on the remote side of the connection, not locally.

The DNS request is encrypted just like everything else so your ISP cannot read it. I tested this a while ago using Wireshark. All browsers will leak the DNS requests except for Firefox when set up correctly.

More info here on how to enable remote DNS lookups in Firefox.



Kyanar
#813472 8-May-2013 08:31

Klipspringer:

Because the DNS request is sent on the remote side of the connection, not locally.

The DNS request is encrypted just like everything else so your ISP cannot read it. I tested this a while ago using Wireshark. All browsers will leak the DNS requests except for Firefox when set up correctly.

More info here on how to enable remote DNS lookups in Firefox.




The DNS request is ALWAYS sent on the remote side of the connection.  What happens is a CONNECT request is sent to the proxy, in the form "CONNECT www.example.com:80" (for HTTP, it will be similar for SOCKS) and the proxy will handle the task of performing the DNS lookup.  The connection between you and the proxy is still unencrypted and can be intercepted and analysed by Layer 7 DPI equipment - again, if your ISP feels so inclined which it is very unlikely they do.
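
Added example, not part of any post in this thread: the three places the thread says a destination hostname can travel in cleartext (a DNS query, an HTTP CONNECT line, a SOCKS request), each parsed from constructed sample bytes. It assumes the client-to-proxy leg is not itself wrapped in an encrypted tunnel; every hostname, address and byte string below is constructed for illustration.

```python
import struct

def build_dns_query(name: str) -> bytes:
    """Constructed sample: a minimal DNS A-record query for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_qname(packet: bytes) -> str:
    """Hostname readable from an unencrypted DNS query (port 53)."""
    pos, labels = 12, []            # question section follows the 12-byte header
    while packet[pos] != 0:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def connect_target(data: bytes):
    """Host and port readable from a plaintext HTTP CONNECT request line."""
    method, target, _version = data.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if method != "CONNECT":
        return None
    host, _, port = target.rpartition(":")
    return host, int(port)

def socks5_target(data: bytes):
    """Destination readable from a plaintext SOCKS5 CONNECT request (RFC 1928)."""
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 5 or cmd != 1:
        return None
    if atyp == 3:                   # domain name: the proxy resolves it (remote DNS)
        n = data[4]
        host = data[5:5 + n].decode("ascii")
        port = struct.unpack("!H", data[5 + n:7 + n])[0]
    elif atyp == 1:                 # IPv4: the client already resolved the name locally
        host = ".".join(str(b) for b in data[4:8])
        port = struct.unpack("!H", data[8:10])[0]
    else:
        return None
    return host, port

# Constructed sample traffic (not captured from a real network).
DNS_QUERY = build_dns_query("www.example.com")
HTTP_CONNECT = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
SOCKS_REMOTE_DNS = b"\x05\x01\x00\x03\x0fwww.example.com\x01\xbb"
SOCKS_LOCAL_DNS = b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb"
```

With remote DNS the hostname moves out of the port-53 query and into the proxy handshake; in the local-DNS SOCKS request only the resolved IP appears, and the name is in the separate DNS query instead.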
