Question: Can my ISP see the website address I'm visiting if it's HTTPS?
Question: Can my ISP see the website address I'm visiting if it's HTTPS?
Owen Taylor
Other urls found in this thread:
scirate.com
localhost
twitter.com
James White
Yes. They won't be able to see the subdomain or any paths/queries on the domain but they will be able to see Sup Forums.org but not that it is Sup Forums
Luke Foster
Yes. They can see DNS domain queries. Use a VPN with its own DNS or some shit like DNSCrypt.
Cooper Cook
Interesting. Thanks!
Anthony Richardson
piggy
Aiden Stewart
No
Cameron Rodriguez
After the DNS lookup you will literally be sending your queries to Sup Forums's IP. It takes exactly 1 DNS lookup from your ISP's side to bypass your autistic encrypted DNS encryption setup.
Use a VPN if you actually want to hide from your ISP.
Also, DNSSEC or DNSCrypt are still useful to prevent dns mitming
Hudson Bell
what if i use google DNS?
does my ISP see then?
Tyler Martin
bump
Cooper Bell
They can see the hostname in plain text, ie boards.Sup Forums.org for each request. Everything else from within HTTP is encrypted. The reason the hostname is visible is to make it possible for servers to know what certificate to send to you before it receives and can decrypt the Host header from HTTP.
Cameron Wright
keep in mind that while in theory they shouldn't be able to see the request *content* (the ip you are connecting to is obviously available to them), if there are compromised CAs, they can.
Grayson Jackson
HTTPS encrypts all data, including the headers. Only exception is when the server uses SNI (which is required for multiple domains under one IP address)
Daniel Thompson
Yeah, that's what I meant. Does the server have to use SNI or will clients always assume it does and send the hostname?
Jayden Jackson
First off, google is botnet. If you're concerned about privacy why are you even considering anything made by google.
Second, yes, your ISP sees the IP address of EVERYTHING you connect to. This means that, if you have cleartext DNS queries, your ISP will see you make the query for Sup Forums.org, and then connect to that. However, if you encrypt your DNS query, your ISP will only see an encrypted query to whatever DNS server you use, and will then see you connecting to 104.16.118.221. It takes 0 effort to find out that that's Sup Forums.org's IP.
Google DNS isn't encrypted or anything by the way afaik.
I think that's not necessarily the case if you only have 1 host per IP though.
Yes but since the headers are encrypted, if you have several virtual hosts on the same IP, how to you serve the correct certificate? By receiving the host name using SNI
David Hernandez
>Yes but since the headers are encrypted, if you have several virtual hosts on the same IP, how to you serve the correct certificate? By receiving the host name using SNI
Disregard this, I can't read
Landon Diaz
you have no idea how DNS works kiddo, pls stop posting
Alexander Taylor
>he doesnt host his own DNS on his RasPi
normies please leave
Matthew Scott
Actually, subdomains are disclosed through DNS as they are resolved seperately. Actual URL paths and search terms are not
Grayson Miller
Please kindly point out what was wrong
Isaiah Ramirez
DNS is not capable of logging visited URLs, because it has nothing to do with URLs (just domain names, but not the protocol or the path).
Nathan Bennett
It's still reasonably trivial to determine the page or guess the set of pages being looked at based on the number of requests, size of responses, and where the requests are directed.
E.g. Going to Sup Forums your browser will additionally request a set of flags from s.Sup Forums.org where as Sup Forums won't make that request. The ISP won't know for certain that it was flags you received but based on size of payload and that you made that extra request it is likely. Equally picture heavy boards will show a different profile than more text orientated boards.
This can apply to other sites where different pages might make additional requests to load videos or hotlink youtube or a very specific offsite content
Asher Powell
damn you're fucking retarded, i said that you should stop posting
Luke Collins
Yes, and? Where did I claim otherwise?
Ian Brooks
He's not me, and he's right. Even HTTPS encryption does not obfuscate - or only minimally obfuscates - request sizes, timings, etc.
This is similar to how tor can be compromised.
Ethan Evans
>Use a VPN
I don't see the point when 95% of my web surfing is done on Sup Forums
Isaiah Kelly
wrong, wrong and wrong
Kevin Butler
You fucking idiots
Your ISP can only see the domain name of the site that you connect to, and nothing else.
Jesus crists read how HTTPS workd you fucking degenerates.
Benjamin Hughes
Great argument 10/10
Who itt claimed otherwise
Jack Nguyen
I remember planking
Anthony Howard
The address and domain are different things
Carson Morales
This isn't the same paper I was thinking of but comes to similar conclusions.
Whether this highlights a risk to your threat model is up to you to decide.
I believe whatsapp and signal transmit additional data in order to attempt to counter this bust don't have a source proving whether this is the case or not.
Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10 widely used, industry-leading websites in areas such as healthcare, finance, legal services and streaming video. Our attack identifies individual pages in the same website with 89% accuracy, exposing personal details including medical conditions, financial and legal affairs and sexual orientation. We examine evaluation methodology and reveal accuracy variations as large as 18% caused by assumptions affecting caching and cookies. We present a novel defense reducing attack accuracy to 27% with a 9% traffic increase, and demonstrate significantly increased effectiveness of prior defenses in our evaluation context, inclusive of enabled caching, user-specific cookies and pages within the same website.
Wyatt Howard
Literally what the first answer said but thanks for repeating
Jackson Thompson
That's really sad
Parker Garcia
Subdomain is sent in plaintext not just through the dns lookup, but in the handshake too.
Bentley Thompson
Lets change the situation a little bit: Now I'm using DNSCrypt. What can they see now?
Jackson Gutierrez
Sup Forums btfo
Leo Diaz
The host name including subdomain (eg. sys.Sup Forums.org) sent in plaintext in SNI (server name identification), as multiple anons have already pointed out. You can't turn off SNI as it is a critical part of HTTPS. Furthermore, the IP address is still unique to Sup Forums (except for the cloudflare cached stuff ofc).
Cooper Richardson
such as cute little piggy such a shame i am going to be eating one of his brothers later
John Ward
nothing to hide
nothing to fear
Robert Barnes
Nothing to live for.
Samuel James
holy shit btfo
Gabriel Morgan
Question somewhat related, how would I block a certain url but not the whole site, like for example a certain Sup Forums board on the windows hostfile?
Kayden Watson
This cannot be done with hosts as it only works with domains. However, you may be able to add rules to your adblocker.
Julian Gutierrez
This thread's url:
This means that this data comes frome the directory path: Sup Forumsthread/61352462 on the IP associated with boards.Sup Forums.org
The ISP can see you connecting to "boards.Sup Forums.org" but not the directory on the Sup Forums server Sup Forumsthread/61352462
Nor can they see the actual data transferred such as images, etc.
Tyler Barnes
download xampp, download wireshark, start apache, start wireshark, capture traffic, visit localhost then click around a bit and observe for yourself
Andrew Harris
>uses locks on his doors
>Blinds on his windows
>Closes the door when he uses the bathroom
Daniel Price
They just assume AFAIK