Geekzone: technology news, blogs, forums


5 posts

Wannabe Geek


Topic # 81575 14-Apr-2011 18:58

I guess it's time to buy those costly VPNs, but can we get away with HTTPS?


Rapidshare downloads can be HTTPS. Can ISPs snoop that?

3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 458899 14-Apr-2011 19:14

if you're not downloading anything illegal, nothing to worry about... otherwise assume big brother can get you if he wants :P




Yes I am an employee of WxC ... but I do have my own opinions as well ;)

             

https://www.facebook.com/wxccommunications

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 458908 14-Apr-2011 19:36

Sounds like you have something to hide

2661 posts

Uber Geek
+1 received by user: 222

Trusted

  Reply # 458916 14-Apr-2011 20:05

Put on your tin foil hat and you'll be fine.




Check out my LPFM Radio Station at www.thecheese.co.nz cool


2612 posts

Uber Geek
+1 received by user: 604

Trusted

  Reply # 458920 14-Apr-2011 20:20

ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.

2661 posts

Uber Geek
+1 received by user: 222

Trusted

  Reply # 458922 14-Apr-2011 20:24

Lol




Check out my LPFM Radio Station at www.thecheese.co.nz cool


Infrastructure Geek
4056 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 458928 14-Apr-2011 20:34

s26f84:
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.

for example:

if you go to https://www.illegalstudffhere.com/getfile.py?filename=superillegalfile.txt

then your ISP and everybody (other ISPs and transit providers) between you and the web server will see that you requested the https://www.illegalstudffhere.com website.  They won't see the GET request or the parameters - "/getfile.py?filename=superillegalfile.txt" though as that will be encrypted.  The contents of the page/file returned will also be encrypted.

NB.  the full unencrypted URL might be able to be extracted from your browser history, or from the server logs at the other end...  it's only encrypted while in transit between each endpoint.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


92 posts

Master Geek


  Reply # 458931 14-Apr-2011 20:38

dclegg:
ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.


+1
that just happened

i hear ivpn is good. I don't see many detailed questions answered with what happened last night

1970 posts

Uber Geek
+1 received by user: 729

Trusted

  Reply # 458934 14-Apr-2011 20:55

s26f84: I guess it's time to buy those costly VPNs, but can we get away with HTTPS?
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


It depends: How paranoid are you?

HTTPS isn't going to be cached by the big proxies that TelstraClear, Telecom and who-knows-who-else have.  HTTP is (OK maybe not cached, but they'll see the request)

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.

As Regs has also pointed out, most HTTPS sites are fairly trackable in that an IP can be reverse mapped to an HTTPS site.

I wouldn't rely on HTTPS to hide you, but at the same time I'd doubt your ISP will start enforcing this without some sort of "Watch out, we're going to enforce this lame law"

This bill isn't going to catch out tech-savvy people.






Infrastructure Geek
4056 posts

Uber Geek
+1 received by user: 195

Trusted
Microsoft NZ
Subscriber

  Reply # 458945 14-Apr-2011 21:08

muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.

the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


1970 posts

Uber Geek
+1 received by user: 729

Trusted

  Reply # 458949 14-Apr-2011 21:16

Regs:
muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.


A good point, the ISPs aren't going to be policing this.  But making it harder for the ISP to post-investigate seems to be of interest to people.  Doing stuff to not appear in logs therefore seems to be a good idea.

Regs: the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.


Yes, you're right.  Making sure a trackable IP doesn't appear in the end-site would be the key thing here.  HTTP or HTTPS isn't going to help.








186 posts

Master Geek


  Reply # 459058 15-Apr-2011 10:00

the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

1984 posts

Uber Geek
+1 received by user: 133

Trusted

  Reply # 459234 15-Apr-2011 18:49

On the other hand, SSL to an anonymous web proxy will help. If you know one that doesn't charge too much...




Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

1598 posts

Uber Geek
Inactive user


  Reply # 459243 15-Apr-2011 19:17

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

I just tried running my web browsing through my own personal proxy for testing purposes and it could show the Host name but not the url, that was encrypted.

2777 posts

Uber Geek
+1 received by user: 152

Trusted

  Reply # 459251 15-Apr-2011 20:38

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.


what if you use google's dns?




Lead Consultant @Intergen
All comments are my own opinion, and not that of my employer unless explicitly stated.


268 posts

Ultimate Geek
+1 received by user: 49


  Reply # 459267 15-Apr-2011 22:41

If you are concerned about ISPs snooping on your traffic on behalf of a malevolent government, then HTTPS isn't going to save you.

If it is determined that HTTPS is getting used extensively to avoid the law, then I'm pretty sure the government is capable of obtaining valid certs to spoof the sites of concern and do a man-in-the-middle attack.
