ISPs doing deep packet inspection, selling data to advertisers

extremetech.com/internet/233010-comcast-thinks-it-should-be-able-to-charge-more-to-preserve-your-privacy
extremetech.com/computing/199372-atts-kansas-city-gigabit-matches-google-fibers-price-if-you-let-the-company-spy-on-you

So now what? Do all your browsing through Tor to avoid this and with JS disabled so websites can't fingerprint you? Remember when you only had to be paranoid like this if you wanted to hide from the government instead of regular advertisers?

A good VPN is probably good enough. Tor is slow and attracts scrutiny, but is better for extremely sensitive browsing.

>A good VPN is probably good enough
Did you even read those links? Or perhaps you think it's possible for packets to teleport to your VPN by the power of magic. Either way,

how are they going to inspect https packets? http is going to be deprecated soon.

>how are they going to inspect https packets?
They aren't. This is precisely what TLS is for.

You don't know how a VPN works, do you?

Even HTTPS can protect partially from spying. Your ISP could still sell to advertisers the list of websites you visit, but nothing more.

That's why a basic VPN, an SSH tunnel from a VPS or TOR can protect you from that.

And how exactly do they decrypt the data?

...

checked :^)

nice digits

so what does it matter? is my ip gonna hack my browser and advertise shit i never look at?

You clearly don't even have the first clue about technology. You don't belong on Sup Forums.

Unless the ISPs are doing timing attacks on the requests going to/from VPNs, they should be effective. Don't know if I'd trust a VPN though in that situation as such a timing attack likely wouldn't be too complicated considering timing attacks on Tor are theoretically possible if you control enough nodes.

There is no such thing as privacy on the internet.

Your ISP cannot decrypt an end-to-end encrypted VPN connection. Pls go.

HTTPS can defeat DPI, what are you even on about? At worst they can see the sites you visit but not the content if you are using HTTPS.

cuck go home

Except for anonymity, private messages, private websites, end to end encryption.

ISPs can't do shit and you know it. Deal with it, goy.

>Unless the ISPs are doing timing attacks on the requests going to/from VPNs
That's exactly what metadata includes, dumbass.

Here's how basic encryption works friendo.

You send a site a request with your public key and they send you a response encrypted with your key.

Only your private key can decrypt this response.

In this response is their public key.

You send them the actual important shit encrypted with their public key.

Likewise only their private key can decrypt this response.

Cycle continues.

No you fucktard, your ISP is not spending effort cracking your encrypted communications to sell you tampons.

marry me

>This is precisely what TLS is for.
The ISP can block encryption.

techdirt.com/blog/netneutrality/articles/20141012/06344928801/revealed-isps-already-violating-net-neutrality-to-block-encryption-make-everyone-less-safe-online.shtml


"Golden Frog performed tests using one mobile wireless company’s data service, by manually typing the SMTP commands and requests, and monitoring the responses from the email server in issue. It appears that this particular mobile wireless provider is intercepting the server’s banner message and modifying it in-transit from something like “220 [servername] ESMTP Postfix” to “200 ********************.” The mobile wireless provider is further modifying the server’s response to a client command that lists the extended features supported by the server. The mobile wireless provider modifies the server’s “250-STARTTLS” response (which informs the client of the server’s capacity to enable encryption). The Internet access provider changes it to “250-XXXXXXXA.” Since the client does not receive the proper acknowledgement that STARTTLS is supported by the server, it does not attempt to turn on encryption. If the client nonetheless attempts to use the STARTTLS command, the mobile wireless provider intercepts the client’s commands to the server and changes it too. When it detects the STARTTLS command being sent from the client to the server, the mobile wireless provider modifies the command to “XXXXXXXX.” The server does not understand this command and therefore sends an error message to the client."

>This is precisely what TLS is for.

Encryption only works if the ISP doesn't block it.

techdirt.com/blog/netneutrality/articles/20141012/06344928801/revealed-isps-already-violating-net-neutrality-to-block-encryption-make-everyone-less-safe-online.shtml


"Golden Frog performed tests using one mobile wireless company’s data service, by manually typing the SMTP commands and requests, and monitoring the responses from the email server in issue. It appears that this particular mobile wireless provider is intercepting the server’s banner message and modifying it in-transit from something like “220 [servername] ESMTP Postfix” to “200 ********************.” The mobile wireless provider is further modifying the server’s response to a client command that lists the extended features supported by the server. The mobile wireless provider modifies the server’s “250-STARTTLS” response (which informs the client of the server’s capacity to enable encryption). The Internet access provider changes it to “250-XXXXXXXA.” Since the client does not receive the proper acknowledgement that STARTTLS is supported by the server, it does not attempt to turn on encryption. If the client nonetheless attempts to use the STARTTLS command, the mobile wireless provider intercepts the client’s commands to the server and changes it too. When it detects the STARTTLS command being sent from the client to the server, the mobile wireless provider modifies the command to “XXXXXXXX.” The server does not understand this command and therefore sends an error message to the client."

Stop shitposting you fucking nigger

Wait, what if they inspect the packets and get a source and destination mac address. WITHOUT A WARRANT. We are all doomed. ISPs have gone too far.
What if police see your car parked in a driveway or public parking spot. WITHOUT A WARRANT. We are all doomed. The police have gone too far.
What if I say hello to someone and give them my first name, WITHOUT A WARRANT. We are all doomed. Strangers have gone too far.

Did not mean to double post. I thought the first post got ate after not appearing after a few minutes.
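
The SMTP tampering described in the Golden Frog passage quoted earlier in the thread can be recognised from the client side. The following is an added example, not part of any post here: a small audit over a recorded SMTP transcript, where the `S:`/`C:` transcript format, the hostnames and the finding names are assumptions made for illustration.

```python
import re

# Constructed transcripts ("S:" server, "C:" client) as seen by the client;
# hostnames are placeholders, filler strings follow the quoted description.
TAMPERED = """\
S: 200 ********************
C: EHLO client.example
S: 250-mail.example
S: 250-PIPELINING
S: 250-XXXXXXXA
S: 250 8BITMIME
C: STARTTLS
S: 500 5.5.2 Error: command not recognized
"""
CLEAN = """\
S: 220 mail.example ESMTP Postfix
C: EHLO client.example
S: 250-mail.example
S: 250-STARTTLS
S: 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
"""

# Filler left behind by in-path rewriting, e.g. "XXXXXXXA" or a run of "*".
MASKED = re.compile(r"^[X*]{6,}[A-Z]?$")

def audit(transcript):
    """Return findings suggesting STARTTLS was stripped between client and server."""
    findings, caps, last_cmd, seen_banner = [], [], None, False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.split()[0].upper()
            continue
        code, rest = text[:3], text[4:].strip()
        if not seen_banner:  # first server line must be a 220 greeting
            seen_banner = True
            if code != "220" or MASKED.match(rest):
                findings.append("banner-rewritten")
        elif last_cmd == "EHLO" and code == "250":
            caps.append(rest.split()[0].upper() if rest else "")
        elif last_cmd == "STARTTLS" and code[:1] in ("4", "5"):
            findings.append("starttls-rejected")
    if any(MASKED.match(c) for c in caps):
        findings.append("capability-masked")
    if caps and "STARTTLS" not in caps:
        findings.append("starttls-not-advertised")
    return findings
```

A missing STARTTLS capability on its own is ambiguous, since some servers genuinely do not offer it; the rewritten banner and the masked capability line are the signs of in-path modification. A client configured to require TLS and abort otherwise does not fall back to plaintext when the capability is hidden.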

>cracking your encrypted communications
Except that isn't necessary. The VPN is sending and receiving packets using the same ISP, unless said VPN randomizes the time between it receiving a packet from you/the website you're using and sending out a packet to you/the website you're using, it would be trivial for the ISP to correlate the packets traveling to/from the VPN with a good deal of certainty.

Then delete the second post you retard, don't make yet another post about it.

>SMTP
>mobile wireless

We're talking about internet browsing (SMTP is for mails). Also, everyone knows that what you do on a smartphone can't be private in any way.

You don't understand anything about encryption, do you?

You're not even in high school nigger

ahaha stay in school kid. VPN and HTTPS use end to end encryption. Meaning if you are anywhere in the middle you get nothing but cryptographically secure garbage.

The only thing not encrypted is the key exchange. Which doesn't matter if you do some reading about secure key exchange techniques.
en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

>The VPN is sending and receiving packets using the same ISP, unless said VPN randomizes the time between it receiving a packet from you/the website you're using and sending out a packet to you/the website you're using, it would be trivial for the ISP to correlate the packets traveling to/from the VPN with a good deal of certainty.

No you complete idiot, the packets exit on a different ISP than the one you're on. Nothing can be correlated.

Blocking TLS for SMTP isn't that different from blocking TLS for everyday browsing.

Instead of hanging out on Sup Forums you should hang out in your middle school classes. Or on a rope.

holy shit you're the one that doesn't understand technology

>come to this thread hoping to get a better insight in DPI

>one guy is actually unfamiliar with the concept of cryptography
>others will argue with him until the thread dies

This is not the Sup Forums I was promised.

I love this thread.

let's just say that none of us actually understand technology and move on

Except you're fucking wrong. I understand technology just fine.

>VPN takes X amount of time to forward packets
>ISP sees encrypted packet from a user going to a VPN on their network
>ISP sees packet leaving the VPN and going to a website X amount of time later
>ISP then knows what user sent that packet

>HTTPS use end to end encryption
They can still get the data about the websites you visit as that isn't encrypted (otherwise your packets wouldn't make it to the website you're trying to go to).

>the packets exit on a different ISP than the one you're on
They can look up what ISP you're using from your IP range and could sell the data to your ISP who can then sell it to advertisers.

If you wanted to get better insight into a topic and learn something, you seriously thought Sup Forums would promise you that?
The only thing you come here for is retards arguing about how smart they are by saying things that are completely false. They are just like extremist liberals.

are you trolling or retarded

>HTTPS use end to end encryption
What about all the sites out there that still don't use HTTPS?

...

Those are irrelevant to this argument.

In fact, let's stop arguing about this, there are obviously trolls among us and this had the potential to be a good thread. Just ignore the trolls, everyone can recognize them anyway.

> full house of truth

also,
> selling data to advertisers
And what the shit are they gonna do with it? I keep hosts files, I use adblockers, I will browse the internet in fucking w3m if necessary. They can lick my shit. All that data is wasted bandwidth, space and processing if they don't get shekels for it.

t. inbred

That's like asking me about doors without locks on them.

Let's try to think about this with common sense.
1. A door has a lock on it.
2. I can't get into it.

1A. A door does not have a lock on it.
2A. I can get into it.

Using our critical thinking skills, we can deduce that http traffic is insecure and anyone in the middle can intercept and inspect all traffic including content, passwords, and sensitive information.

Using this same logic, we can deduce that yelling your SSN in the middle of a populated area is also inherently insecure, and anyone within earshot will have your private information.

Sup Forums used to offer just that because people who didn't know shit didn't try to pose as field experts with 50 years of experience when they were told to fuck off. They used to inform themselves and either not reply or respond with information that was at least google'd thoroughly. Even then the rate at which people spouted absolute bullshit not even remotely related to reality was virtually 0 compared to nowadays.

>Those are irrelevant to this argument.
>commonly used web services that are vulnerable to deep packet inspection are irrelevant to discussion about deep packet inspection

I like how everyone thinks the site used to be so good and has recently gone to shit. Nothing has changed it's the same site it has been.

Irrelevant to the argument in this thread you were actually replying to.

>I'm an oldfag I've been there all summer!

>HTTP is vulnerable to DPI
>VPNs aren't particularly effective when the adversary owns the network you are using
>Tor does not have this problem due to increased complexity
VPNs are shit for this situation, deal with it.

You win m'lady. I yield to your expertise. TOR is the only way to preserve our right to refuse DPI or any type of monitoring/advertising.

So someone should completely give up on using some websites (mostly news) instead of accessing them through a service such as Tor?

Oh absolutely. And you should also be wearing tin foil on your head at all times. It's the only way to keep people from reading your mind and stealing your ideas for themselves.

>You send a site a request with your public key and they send you a response encrypted with your key.
What's stopping my ISP from intercepting my key? Then the whole thing is pointless

en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

They can intercept all the keys they want.

I can drive to a strip club and give people my first name, and people can even see my car outside.
But it would require a creepy stalker to actually tie these things together and get my identity, sell the facts to some random company who then sends me mail with advertisements about their products.

The creepy stalker in this scenario is the ISP.

I'd probably do it for the hell of it, but not to turn a profit.

>what is a side channel attack

Like someone who goes to parking lots and leave you flyers on your windshield? What a stalker.

>Like someone who goes to parking lots and leave you flyers on your windshield? What a stalker.
If they were following you around everywhere and keeping tabs on your movement so that they could sell the information to advertisers, yes.

if you walk around with your username and password printed on your T-shirt it's not an invasion of privacy when someone logs into your account.

>never do anything, that's how you stay safe

>username and password
What does that have to do with this situation?

Don't fuck your girl in public and don't wear a ski mask to the store. Seems pretty easy to me.

Basically saying don't share private information with the public, and don't try to hide public information that doesn't matter.

You don't walk around town with a Guy Fawkes mask on, people see your face, you don't care. Care about your privacy that matters, and keep it secure.

>Basically saying don't share private information with the public, and don't try to hide public information that doesn't matter.
They can still gather information about what news you read and sell that to advertisers. They can learn a lot about someone that way.

best part about this is even if you're on a freedom loving ISP your packets can still be spied on when they leave one ISP's network to another for faster path

>http is going to be deprecated soon.
They managed to block that by interfering with the standards process. We live in an age of limitless corruption.

"Advertisers" could be anyone. Background checking agencies responsible for employment screening, for instance, could buy a report on how much you agree with their political bullshit without even reading your resume, let alone getting your permission to do so. Not that google and facebook aren't worse since YOU CANNOT BLOCK THEM, but still, fuck ISPs.

>the year is 2016
>wake up in the morning
>turn on my computer with an Intel Botnet Engine enabled processor
>go to my kitchen
>my botnet of things coffee botnet is already brewing me a cup of coffee from a DRM enabled coffee cartridge
>return to computer to see it's fully booted into Microsoft Botnet 10
>connect to the boternet with Google's Botnet browser
>remember something I was thinking about last night and use Google's botnet engine to search for it
>find a result on botnetbook and go to it
>get a call on my smartbotnet
>boss needs me to come in today
>hop in my car with the mobile botnet package and head to work
It isn't a grave, it's the botnet you chose.