Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




5 posts

Wannabe Geek


# 81575 14-Apr-2011 18:58
Send private message

I guess its time for buys those costly VPNs but can we get away with https?


Rapidshare downloads can be HTTPS. Can ISPs snoop that?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3594 posts

Uber Geek

Trusted
WorldxChange

  # 458899 14-Apr-2011 19:14
Send private message

if your not downloading anything illegal nothing to worry about... otherwise assume big brother can get you if he wants Tongue out




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

19282 posts

Uber Geek
Inactive user


  # 458908 14-Apr-2011 19:36
Send private message

Sounds like you have sonething to hide

 
 
 
 


2818 posts

Uber Geek

Trusted
Vodafone
Subscriber

  # 458916 14-Apr-2011 20:05
Send private message

Put on your tin foil hat and you'll be fine.




Check out my LPFM Radio Station at www.thecheese.co.nz cool


2714 posts

Uber Geek

Trusted

  # 458920 14-Apr-2011 20:20
Send private message

ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.

2818 posts

Uber Geek

Trusted
Vodafone
Subscriber

  # 458922 14-Apr-2011 20:24
Send private message

Lol




Check out my LPFM Radio Station at www.thecheese.co.nz cool


Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 458928 14-Apr-2011 20:34
Send private message

s26f84:
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.

for example:

if you go to https://www.illegalstudffhere.com/getfile.py?filename=superillegalfile.txt

then your ISP and everybody (other ISPs and transit providers) between you and the web server will see that you requested the https://www.illegalstudffhere.com website.  They wont see the GET request or the parameters - "/getfile.py?filename=superillegalfile.txt" though as that will be encyrpted.  The contents of the page/file returned will also be encrypted.

NB.  the full unencrypted URL might be able to be extracted from your browser history, or from the server logs at the other end...  its only encrypted while in transit between each endpoint.




92 posts

Master Geek


  # 458931 14-Apr-2011 20:38
Send private message

dclegg:
ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.


+1
that just happened

i hear ivpn is good. I dont see many detailed questions answered with what happened last night 

 
 
 
 


2182 posts

Uber Geek

Trusted

  # 458934 14-Apr-2011 20:55
Send private message

s26f84: I guess its time for buys those costly VPNs but can we get away with https?
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


It depends: How paranoid are you?

HTTPS isn't going to be cached by the big proxies that TelstraClear, Telecom and who-knows-who-else has.  HTTP is (OK maybe not cached, but they'll see the request)

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.

As Regs has also pointed out, most HTTPS sites are fairly trackable in that a IP can be reverse mapped to a HTTPS site.

I wouldn't reply on HTTPS to hide you, but at the same time I'd doubt your ISP will start enforcing this without some sort of "Watch out, we're going to inforce this lame law"

This bill isn't going to catch out tech-savvey people.




I hate you.


Cloud Guru
4060 posts

Uber Geek

Trusted
Snowflake
Subscriber

  # 458945 14-Apr-2011 21:08
Send private message

muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.



i dont think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I cant see any reason for them to care.

the ISP doesnt do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders dont get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders cant get a warrant unless they have some sort of evidence of an offence in the first place.




2182 posts

Uber Geek

Trusted

  # 458949 14-Apr-2011 21:16
Send private message

Regs:
muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.



i dont think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I cant see any reason for them to care.


A good point, the ISPs aren't going to be policing this.  But making it harder for the ISP to post-investigate seems to be of interest to people.  Doing stuff to not appear in logs therefore seems to be a good idea.

Regs: the ISP doesnt do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders dont get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders cant get a warrant unless they have some sort of evidence of an offence in the first place.


Yes, you're right.  Making sure a trackable IP doesn't appear in the end-site would be the key thing here.  HTTP or HTTPS isn't going to help.






I hate you.


186 posts

Master Geek


  # 459058 15-Apr-2011 10:00
Send private message

the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) are encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

1990 posts

Uber Geek

Trusted

  # 459234 15-Apr-2011 18:49
Send private message

On the other hand, SSL to an anonymous web proxy will help. If you know one that doesnt charge too much...




Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

1598 posts

Uber Geek
Inactive user


  # 459243 15-Apr-2011 19:17
Send private message

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) are encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

I just tried running my web browsing through my own personal proxy for testing purposes and it could show the Host name but not the url, that was encrypted.

2800 posts

Uber Geek

Trusted

  # 459251 15-Apr-2011 20:38
Send private message

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.? the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) are encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
?


what if you use google's dns?




Solution Architect @Intergen
All comments are my own opinion, and not that of my employer unless explicitly stated.


269 posts

Ultimate Geek


  # 459267 15-Apr-2011 22:41
Send private message

If you are concerned about ISPs snooping on your traffic on behalf of a malevolent government, then HTTPS isn't going to save you.

If it is determined that HTTPS is getting used extensively to avoid the law, then I'm pretty sure the government is capable of obtaining valid certs to spoof the sites of concern and do a man-in-the-middle attack.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.