278
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node::undefined

you are viewing a single comment's thread
view the rest of the comments
[-] Jamie@jamie.moe 13 points 1 year ago

The high majority of websites are HTTPS, which means that the contents of requests are end to end encrypted. Technically if it's just HTTP, it's plaintext, but basically no sites operate outside of HTTPS anymore.

All that stuff about everything you do being in the clear is outdated, and basically just VPN propaganda. The only parts of typical web browsing that aren't encrypted are DNS resolutions, but DoH and encrypted DNS are starting to be a thing. In which case, your ISP/gov will know you're accessing your bank's site, but not what you're doing on there because everything else is encrypted.

Tl;Dr: Everything being plaintext is really outdated and is basically VPN propaganda. The majority of network traffic for most users is end to end encrypted already.

That is not completely true. Often the payload is encrypted but not the metadata. It is the metadata that usually is the cause of privacy issues.

[-] Jamie@jamie.moe 4 points 1 year ago

I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they're not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.

Except, VPNs and Tor aren't even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.

[-] beatle@aussie.zone 8 points 1 year ago

The Server Name Identification (SNI) standard means that the hostname may not be encrypted if you're using TLS. Also, whether you're using SNI or not, the TCP and IP headers are never encrypted. (If they were, your packets would not be routable.)

https://stackoverflow.com/questions/187655/are-https-headers-encrypted#187679

[-] sloppy_diffuser@sh.itjust.works 3 points 1 year ago

There is work to hopefully improve this situation for SNI at least: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/.

[-] Findmysec@infosec.pub 1 points 4 months ago

As it turns out, eSNI (to take that forward, eCH) has become common in modern browsers with a supported DNS provider

this post was submitted on 24 Jul 2023
278 points (97.9% liked)

Technology

59598 readers
1993 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS