Geekzone: technology news, blogs, forums




5 posts

Wannabe Geek


Topic # 81575 14-Apr-2011 18:58

I guess it's time to buy those costly VPNs, but can we get away with HTTPS?


Rapidshare downloads can be HTTPS. Can ISPs snoop that?

3594 posts

Uber Geek
+1 received by user: 79

Trusted
WorldxChange

  Reply # 458899 14-Apr-2011 19:14

if you're not downloading anything illegal nothing to worry about... otherwise assume big brother can get you if he wants Tongue out




Yes I am an employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 458908 14-Apr-2011 19:36

Sounds like you have something to hide

 
 
 
 


2575 posts

Uber Geek
+1 received by user: 193

Trusted

  Reply # 458916 14-Apr-2011 20:05

Put on your tin foil hat and you'll be fine.




Check out my LPFM Radio Station at www.thecheese.co.nz cool

 

 

 

Use this link to sign up to Bigpipe broadband and you'll get $20 off your first bill: Referral Link


2442 posts

Uber Geek
+1 received by user: 479

Trusted

  Reply # 458920 14-Apr-2011 20:20

ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.

2575 posts

Uber Geek
+1 received by user: 193

Trusted

  Reply # 458922 14-Apr-2011 20:24

Lol




Check out my LPFM Radio Station at www.thecheese.co.nz cool

 

 

 

Use this link to sign up to Bigpipe broadband and you'll get $20 off your first bill: Referral Link


Infrastructure Geek
4042 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 458928 14-Apr-2011 20:34

s26f84:
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.

for example:

if you go to https://www.illegalstudffhere.com/getfile.py?filename=superillegalfile.txt

then your ISP and everybody (other ISPs and transit providers) between you and the web server will see that you requested the https://www.illegalstudffhere.com website.  They won't see the GET request or the parameters - "/getfile.py?filename=superillegalfile.txt" though as that will be encrypted.  The contents of the page/file returned will also be encrypted.

NB.  the full unencrypted URL might be able to be extracted from your browser history, or from the server logs at the other end...  it's only encrypted while in transit between each endpoint.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


92 posts

Master Geek


  Reply # 458931 14-Apr-2011 20:38

dclegg:
ZollyMonsta: Put on your tin foil hat and you'll be fine.


Just make sure it IS yours. You don't want to get prosecuted for illegal foil sharing.


+1
that just happened

i hear ivpn is good. I don't see many detailed questions answered with what happened last night

1807 posts

Uber Geek
+1 received by user: 570

Trusted

  Reply # 458934 14-Apr-2011 20:55

s26f84: I guess it's time to buy those costly VPNs, but can we get away with HTTPS?
Rapidshare downloads can be HTTPS. Can ISPs snoop that?


It depends: How paranoid are you?

HTTPS isn't going to be cached by the big proxies that TelstraClear, Telecom and who-knows-who-else has.  HTTP is (OK maybe not cached, but they'll see the request)

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.

As Regs has also pointed out, most HTTPS sites are fairly trackable in that an IP can be reverse mapped to an HTTPS site.

I wouldn't rely on HTTPS to hide you, but at the same time I'd doubt your ISP will start enforcing this without some sort of "Watch out, we're going to enforce this lame law"

This bill isn't going to catch out tech-savvy people.






Infrastructure Geek
4042 posts

Uber Geek
+1 received by user: 193

Trusted
Microsoft NZ
Subscriber

  Reply # 458945 14-Apr-2011 21:08

muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.

the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.




Technical Evangelist
Microsoft NZ
about.me/nzregs
Twitter: @nzregs


1807 posts

Uber Geek
+1 received by user: 570

Trusted

  Reply # 458949 14-Apr-2011 21:16

Regs:
muppet:

HTTPS is still going to require a DNS lookup though.  If you're not tunneling those DNS requests, then your ISP could pickup on the fact you're requesting certain hosts.



i don't think it really matters if the ISP sees you accessing a certain site anyway.  the ISP may care if you're using all their bandwidth pool, but beyond that I can't see any reason for them to care.


A good point, the ISPs aren't going to be policing this.  But making it harder for the ISP to post-investigate seems to be of interest to people.  Doing stuff to not appear in logs therefore seems to be a good idea.

Regs: the ISP doesn't do the detection/investigation of piracy, they just act on notices sent from the copyright holders.  the copyright holders don't get access to ISP logs, or portions of ISP logs without a warrant. the copyright holders can't get a warrant unless they have some sort of evidence of an offence in the first place.


Yes, you're right.  Making sure a trackable IP doesn't appear in the end-site would be the key thing here.  HTTP or HTTPS isn't going to help.








186 posts

Master Geek


  Reply # 459058 15-Apr-2011 10:00

the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

1889 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 459234 15-Apr-2011 18:49

On the other hand, SSL to an anonymous web proxy will help. If you know one that doesn't charge too much...




Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

1598 posts

Uber Geek
Inactive user


  Reply # 459243 15-Apr-2011 19:17

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.
 

I just tried running my web browsing through my own personal proxy for testing purposes and it could show the Host name but not the url, that was encrypted.

2712 posts

Uber Geek
+1 received by user: 128

Trusted

  Reply # 459251 15-Apr-2011 20:38

foobar:
the host portion of the url you type in the browser is unencrypted and it has to be, otherwise it would be kind of difficult to reach a host.  the GET request and any parameters are encrypted.


That is not correct.

Your entire HTTP header (including the Host line) is encrypted with SSL. The issue is that at some point you will have to do a DNS lookup for the name. However, that is a different request and may have happened at any time before the browser attempts the connection. So, if someone can correlate your DNS and HTTP(s) queries ... then, yeah, they know the domain you are accessing. If they only see your SSL traffic, however, then all they see is the IP address you are connecting to. Sadly, in the case of SSL, that is often enough to also arrive at your domain.


what if you use google's dns?




Lead Consultant @Intergen
All comments are my own opinion, and not that of my employer unless explicitly stated.


264 posts

Ultimate Geek
+1 received by user: 46


  Reply # 459267 15-Apr-2011 22:41

If you are concerned about ISPs snooping on your traffic on behalf of a malevolent government, then HTTPS isn't going to save you.

If it is determined that HTTPS is getting used extensively to avoid the law, then I'm pretty sure the government is capable of obtaining valid certs to spoof the sites of concern and do a man-in-the-middle attack.
