Geekzone: technology news, blogs, forums


s26f84

5 posts

Wannabe Geek


#81575 14-Apr-2011 18:58

I guess it's time to buy those costly VPNs, but can we get away with HTTPS?


Rapidshare downloads can be HTTPS. Can ISPs snoop that?

maverick
3594 posts

Uber Geek
+1 received by user: 80

Trusted
WorldxChange

  #458899 14-Apr-2011 19:14

if you're not downloading anything illegal nothing to worry about... otherwise assume big brother can get you if he wants :P




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well ;)

             

https://www.facebook.com/wxccommunications



johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


  #458908 14-Apr-2011 19:36

Sounds like you have something to hide

ZollyMonsta
3009 posts

Uber Geek
+1 received by user: 379

ID Verified
Trusted

  #458916 14-Apr-2011 20:05

Put on your tin foil hat and you'll be fine.




 

 

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

 

As per the usual std disclaimer.. "All thoughts typed here are my own."




dclegg
2806 posts

Uber Geek
+1 received by user: 810

Trusted

  #458920 14-Apr-2011 20:20

ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.

ZollyMonsta
3009 posts

Uber Geek
+1 received by user: 379

ID Verified
Trusted

  #458922 14-Apr-2011 20:24

Lol




 

 



Regs
4066 posts

Uber Geek
+1 received by user: 206

Trusted
Snowflake

  #458928 14-Apr-2011 20:34

s26f84:
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.

for example:

if you go to https://www.illegalstudffhere.com/getfile.py?filename=superillegalfile.txt

then your ISP and everybody (other ISPs and transit providers) between you and the web server will see that you requested the https://www.illegalstudffhere.com website.  They won't see the GET request or the parameters - "/getfile.py?filename=superillegalfile.txt" though as that will be encrypted.  The contents of the page/file returned will also be encrypted.

NB.  the full unencrypted URL might be able to be extracted from your browser history, or from the server logs at the other end...  it's only encrypted while in transit between each endpoint.




amford
92 posts

Master Geek


  #458931 14-Apr-2011 20:38

dclegg:
ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.


+1
that just happened

I hear ivpn is good. I don't see many detailed questions answered with what happened last night

muppet
2643 posts

Uber Geek
+1 received by user: 1660

Trusted

  #458934 14-Apr-2011 20:55

s26f84: I guess it's time to buy those costly VPNs, but can we get away with HTTPS?
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


It depends: How paranoid are you?

HTTPS isn't going to be cached by the big proxies that TelstraClear, Telecom and who-knows-who-else has.  HTTP is (OK maybe not cached, but they'll see the request)

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.

As Regs has also pointed out, most HTTPS sites are fairly trackable in that an IP can be reverse mapped to an HTTPS site.

I wouldn't rely on HTTPS to hide you, but at the same time I'd doubt your ISP will start enforcing this without some sort of "Watch out, we're going to enforce this lame law"

This bill isn't going to catch out tech-savvy people.




Audiophiles are such twits! They buy such pointless stuff: Gold plated cables, $2000 power cords. Idiots.

 

OOOHHHH HYPERFIBRE!


Regs
4066 posts

Uber Geek
+1 received by user: 206

Trusted
Snowflake

  #458945 14-Apr-2011 21:08

muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



I don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.

the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.




muppet
2643 posts

Uber Geek
+1 received by user: 1660

Trusted

  #458949 14-Apr-2011 21:16

Regs:
muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



I don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.


A good point, the ISPs aren't going to be policing this.  But making it harder for the ISP to post-investigate seems to be of interest to people.  Doing stuff to not appear in logs therefore seems to be a good idea.

Regs: the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.


Yes, you're right.  Making sure a trackable IP doesn't appear in the end-site would be the key thing here.  HTTP or HTTPS isn't going to help.








foobar
186 posts

Master Geek


  #459058 15-Apr-2011 10:00

the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 




The blog: foobar on computers, software and the rest of the world: http://www.geekzone.co.nz/foobar

 
 
 

webwat
2036 posts

Uber Geek
+1 received by user: 145

Trusted

  #459234 15-Apr-2011 18:49

On the other hand, SSL to an anonymous web proxy will help. If you know one that doesn't charge too much...




Time to find a new industry!


codyc1515
1598 posts

Uber Geek
Inactive user


  #459243 15-Apr-2011 19:17

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

I just tried running my web browsing through my own personal proxy for testing purposes and it could show the Host name but not the url, that was encrypted.
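The split discussed in this thread, as an added example that is not part of any post: for one constructed URL it builds the plain DNS query and the proxy CONNECT line that an on-path party can read, and the request line that only exists inside the encrypted session. The sample URL, the function names and the transaction id are assumptions made for the illustration.

```python
import struct
from urllib.parse import urlsplit

def build_dns_query(hostname, txid=0x1234):
    """Standard A-record query as sent in a plain (untunnelled) UDP/53 packet."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def qname_from_query(packet):
    """Recover the queried name the way any on-path observer could."""
    labels, i = [], 12  # question section starts after the 12-byte header
    while packet[i] != 0:
        n = packet[i]
        labels.append(packet[i + 1:i + 1 + n].decode("ascii"))
        i += n + 1
    return ".".join(labels)

def observer_view(url):
    """Split one HTTPS fetch into what is readable on the wire and what is not."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 443
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    dns_packet = build_dns_query(host)
    # Sent in clear to a forward proxy before any TLS bytes flow.
    connect_line = f"CONNECT {host}:{port} HTTP/1.1"
    # Only ever exists inside the encrypted session.
    request_line = f"GET {target} HTTP/1.1"
    return {
        "dns_sees": qname_from_query(dns_packet),
        "proxy_sees": connect_line,
        "encrypted": request_line,
        "cleartext_bytes": dns_packet + connect_line.encode("ascii"),
    }

# Constructed sample URL, not taken from the thread.
SAMPLE_URL = "https://files.example.com/getfile.py?filename=report.txt"

if __name__ == "__main__":
    for key, value in observer_view(SAMPLE_URL).items():
        print(f"{key}: {value!r}")
```
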

lokhor
2858 posts

Uber Geek
+1 received by user: 171

Trusted

  #459251 15-Apr-2011 20:38

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.


what if you use google's dns?




All comments are my own opinion, and not that of my employer unless explicitly stated.


Jarno
270 posts

Ultimate Geek
+1 received by user: 50


  #459267 15-Apr-2011 22:41

If you are concerned about ISPs snooping on your traffic on behalf of a malevolent government, then HTTPS isn't going to save you.

If it is determined that HTTPS is getting used extensively to avoid the law, then I'm pretty sure the government is capable of obtaining valid certs to spoof the sites of concern and do a man-in-the-middle attack.
