Thread replies: 46
Thread images: 1
Thread images: 1
File: tc299wwnl29z.jpg (142KB, 600x600px) Image search:
[Google]
142KB, 600x600px
Question: Can my ISP see the website address I'm visiting if it's HTTPS?
>>
>>61352462
Yes. They won't be able to see the subdomain or any paths/queries on the domain but they will be able to see 4chan.org but not that it is /g/
>>
>>61352462
Yes. They can see DNS domain queries. Use a VPN with its own DNS or some shit like DNSCrypt.
>>
>>61352486
>>61352488
Interesting. Thanks!
>>
>>61352462
piggy
>>
>>
>>61352488
After the DNS lookup you will literally be sending your queries to 4chan's IP. It takes exactly 1 DNS lookup from your ISP's side to bypass your autistic encrypted DNS encryption setup.
Use a VPN if you actually want to hide from your ISP.
Also, DNSSEC or DNSCrypt are still useful to prevent dns mitming
>>
>>61353629
what if i use google DNS?
does my ISP see then?
>>
>>61352462
They can see the hostname in plain text, ieboards.4chan.orgfor each request. Everything else from within HTTP is encrypted. The reason the hostname is visible is to make it possible for servers to know what certificate to send to you before it receives and can decrypt the Host header from HTTP.
>>
>>61352462
keep in mind that while in theory they shouldn't be able to see the request *content* (the ip you are connecting to is obviously available to them), if there are compromised CAs, they can.
>>
>>61353723
HTTPS encrypts all data, including the headers. Only exception is when the server uses SNI (which is required for multiple domains under one IP address)
>>
>>61353747
Yeah, that's what I meant. Does the server have to use SNI or will clients always assume it does and send the hostname?
>>
>>61353667
First off, google is botnet. If you're concerned about privacy why are you even considering anything made by google.
Second, yes, your ISP sees the IP address of EVERYTHING you connect to. This means that, if you have cleartext DNS queries, your ISP will see you make the query for 4chan.org, and then connect to that. However, if you encrypt your DNS query, your ISP will only see an encrypted query to whatever DNS server you use, and will then see you connecting to 104.16.118.221. It takes 0 effort to find out that that's 4chan.org's IP.
Google DNS isn't encrypted or anything by the way afaik.
>>61353723
I think that's not necessarily the case if you only have 1 host per IP though.
>>61353747
Yes but since the headers are encrypted, if you have several virtual hosts on the same IP, how to you serve the correct certificate? By receiving the host name using SNI
>>
>>61353747
>>61353770
>Yes but since the headers are encrypted, if you have several virtual hosts on the same IP, how to you serve the correct certificate? By receiving the host name using SNI
Disregard this, I can't read
>>
>>61353770
you have no idea how DNS works kiddo, pls stop posting
>>
>he doesnt host his own DNS on his RasPi
normies please leave
>>
>>61352486
Actually, subdomains are disclosed through DNS as they are resolved seperately. Actual URL paths and search terms are not
>>
>>61353820
Please kindly point out what was wrong
>>
>>61353855
DNS is not capable of logging visited URLs, because it has nothing to do with URLs (just domain names, but not the protocol or the path).
>>
>>61352462
>>61353723
It's still reasonably trivial to determine the page or guess the set of pages being looked at based on the number of requests, size of responses, and where the requests are directed.
E.g. Going to /pol/ your browser will additionally request a set of flags from s.4chan.org where as /g/ won't make that request. The ISP won't know for certain that it was flags you received but based on size of payload and that you made that extra request it is likely. Equally picture heavy boards will show a different profile than more text orientated boards.
This can apply to other sites where different pages might make additional requests to load videos or hotlink youtube or a very specific offsite content
>>
>>61354147
damn you're fucking retarded, i said that you should stop posting
>>
>>61353887
Yes, and? Where did I claim otherwise?
>>
>>61354382
He's not me, and he's right. Even HTTPS encryption does not obfuscate - or only minimally obfuscates - request sizes, timings, etc.
This is similar to how tor can be compromised.
>>
>>61352488
>Use a VPN
I don't see the point when 95% of my web surfing is done on 4chan
>>
>>61354404
wrong, wrong and wrong
>>
You fucking idiots
Your ISP can only see the domain name of the site that you connect to, and nothing else.
Jesus crists read how HTTPS workd you fucking degenerates.
>>
>>61354488
Great argument 10/10
>>61354513
Who itt claimed otherwise
>>
>>61352462
I remember planking
>>
>>61354732
The address and domain are different things
>>
>>61354488
This isn't the same paper I was thinking of but comes to similar conclusions.
Whether this highlights a risk to your threat model is up to you to decide.
I believe whatsapp and signal transmit additional data in order to attempt to counter this bust don't have a source proving whether this is the case or not.
https://scirate.com/arxiv/1403.0297
Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10 widely used, industry-leading websites in areas such as healthcare, finance, legal services and streaming video. Our attack identifies individual pages in the same website with 89% accuracy, exposing personal details including medical conditions, financial and legal affairs and sexual orientation. We examine evaluation methodology and reveal accuracy variations as large as 18% caused by assumptions affecting caching and cookies. We present a novel defense reducing attack accuracy to 27% with a 9% traffic increase, and demonstrate significantly increased effectiveness of prior defenses in our evaluation context, inclusive of enabled caching, user-specific cookies and pages within the same website.
>>
>>61354513
Literally what the first answer said but thanks for repeating
>>
>>61354409
That's really sad
>>
>>61353851
Subdomain is sent in plaintext not just through the dns lookup, but in the handshake too.
>>
Lets change the situation a little bit: Now I'm using DNSCrypt. What can they see now?
>>
>>61356324
/g/ btfo
>>
>>61356324
The host name including subdomain (eg. sys.4chan.org) sent in plaintext in SNI (server name identification), as multiple anons have already pointed out. You can't turn off SNI as it is a critical part of HTTPS. Furthermore, the IP address is still unique to 4chan (except for the cloudflare cached stuff ofc).
>>
such as cute little piggy such a shame i am going to be eating one of his brothers later
>>
nothing to hide
nothing to fear
>>
>>61356684
Nothing to live for.
>>
>>61356684
>>61356766
holy shit btfo
>>
Question somewhat related, how would I block a certain url but not the whole site, like for example a certain 4chan board on the windows hostfile?
>>
>>61357585
This cannot be done with hosts as it only works with domains. However, you may be able to add rules to your adblocker.
>>
>>61352462
This thread's url:
>>61352462
This means that this data comes frome the directory path: /g/thread/61352462 on the IP associated with boards.4chan.org
The ISP can see you connecting to "boards.4chan.org" but not the directory on the 4chan server /g/thread/61352462
Nor can they see the actual data transferred such as images, etc.
>>
download xampp, download wireshark, start apache, start wireshark, capture traffic, visit https://localhost then click around a bit and observe for yourself
>>
>>61356684
>uses locks on his doors
>Blinds on his windows
>Closes the door when he uses the bathroom
>>
>>61353768
They just assume AFAIK
Thread posts: 46
Thread images: 1
Thread images: 1