Geekzone: technology news, blogs, forums




5 posts

Wannabe Geek


Topic # 81575 14-Apr-2011 18:58

I guess it's time to buy those costly VPNs, but can we get away with HTTPS?


Rapidshare downloads can be HTTPS. Can ISPs snoop that?

3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 458899 14-Apr-2011 19:14

if you're not downloading anything illegal nothing to worry about... otherwise assume big brother can get you if he wants




Yes I am an employee of WxC ... but I do have my own opinions as well

             

https://www.facebook.com/wxccommunications

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 458908 14-Apr-2011 19:36

Sounds like you have something to hide

 
 
 
 


2589 posts

Uber Geek
+1 received by user: 193

Trusted

  Reply # 458916 14-Apr-2011 20:05

Put on your tin foil hat and you'll be fine.




Check out my LPFM Radio Station at www.thecheese.co.nz

 

 

 



2535 posts

Uber Geek
+1 received by user: 543

Trusted

  Reply # 458920 14-Apr-2011 20:20

ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.

2589 posts

Uber Geek
+1 received by user: 193

Trusted

  Reply # 458922 14-Apr-2011 20:24

Lol






Infrastructure Geek
4043 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 458928 14-Apr-2011 20:34

s26f84:
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.

for example:

if you go to https://www.illegalstudffhere.com/getfile.py?filename=superillegalfile.txt

then your ISP and everybody (other ISPs and transit providers) between you and the web server will see that you requested the https://www.illegalstudffhere.com website.  They won't see the GET request or the parameters - "/getfile.py?filename=superillegalfile.txt" though as that will be encrypted.  The contents of the page/file returned will also be encrypted.

NB.  the full unencrypted URL might be able to be extracted from your browser history, or from the server logs at the other end...  it's only encrypted while in transit between each endpoint.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


92 posts

Master Geek


  Reply # 458931 14-Apr-2011 20:38

dclegg:
ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.


+1
that just happened

i hear ivpn is good. I don't see many detailed questions answered with what happened last night

1880 posts

Uber Geek
+1 received by user: 627

Trusted

  Reply # 458934 14-Apr-2011 20:55

s26f84: I guess it's time to buy those costly VPNs, but can we get away with HTTPS?
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


It depends: How paranoid are you?

HTTPS isn't going to be cached by the big proxies that TelstraClear, Telecom and who-knows-who-else have.  HTTP is (OK maybe not cached, but they'll see the request)

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.

As Regs has also pointed out, most HTTPS sites are fairly trackable in that an IP can be reverse mapped to an HTTPS site.

I wouldn't rely on HTTPS to hide you, but at the same time I'd doubt your ISP will start enforcing this without some sort of "Watch out, we're going to enforce this lame law"

This bill isn't going to catch out tech-savvy people.






Infrastructure Geek
4043 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 458945 14-Apr-2011 21:08

muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.

the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


1880 posts

Uber Geek
+1 received by user: 627

Trusted

  Reply # 458949 14-Apr-2011 21:16

Regs:
muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pick up on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.


A good point, the ISPs aren't going to be policing this.  But making it harder for the ISP to post-investigate seems to be of interest to people.  Doing stuff to not appear in logs therefore seems to be a good idea.

Regs: the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.


Yes, you're right.  Making sure a trackable IP doesn't appear in the end-site would be the key thing here.  HTTP or HTTPS isn't going to help.








186 posts

Master Geek


  Reply # 459058 15-Apr-2011 10:00

the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

1943 posts

Uber Geek
+1 received by user: 127

Trusted

  Reply # 459234 15-Apr-2011 18:49

On the other hand, SSL to an anonymous web proxy will help. If you know one that doesn't charge too much...




Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

1598 posts

Uber Geek
Inactive user


  Reply # 459243 15-Apr-2011 19:17

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

I just tried running my web browsing through my own personal proxy for testing purposes and it could show the Host name but not the url, that was encrypted.

2718 posts

Uber Geek
+1 received by user: 133

Trusted

  Reply # 459251 15-Apr-2011 20:38

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.


what if you use google's dns?




Lead Consultant @Intergen
All comments are my own opinion, and not that of my employer unless explicitly stated.


267 posts

Ultimate Geek
+1 received by user: 47


  Reply # 459267 15-Apr-2011 22:41

If you are concerned about ISPs snooping on your traffic on behalf of a malevolent government, then HTTPS isn't going to save you.

If it is determined that HTTPS is getting used extensively to avoid the law, then I'm pretty sure the government is capable of obtaining valid certs to spoof the sites of concern and do a man-in-the-middle attack.
