Can ISPs see the full address you put into the address bar?
CappinHoff:
--- Quote from: Pentium100 on August 18, 2012, 07:22:01 PM ---
--- Quote from: kitamesume on August 18, 2012, 07:10:39 PM ---^ I think proxies under HTTPS work too.
--- End quote ---
HTTPS proxy will make it impossible for your ISP to see the data, but the proxy operator will see it (and will know your real IP). TOR makes it so that no node knows who you are, who you are talking to and what you are saying at the same time (the first node will know your real IP, but not the server or data, the last node will know the server and the data, but will not know your real IP, intermediate nodes know neither your IP nor the data).
--- End quote ---
It won't make it impossible, it'll make it almost impossible. If an ISP really wanted to see what you were doing they could.
Pentium100:
--- Quote from: CappinHoff on August 19, 2012, 12:56:37 AM ---It won't make it impossible, it'll make it almost impossible. If an ISP really wanted to see what you were doing they could.
--- End quote ---
What? HTTPS or TOR?
With HTTPS, unless the ISP gets a valid certificate for the destination address, it's not going to happen (at least if the user is careful). It is possible to track someone using TOR, but it is very difficult and requires cooperation of multiple ISPs (since the data goes through multiple intermediate nodes).
Similar with VPN - unless the ISP manages to get the private key of my CA, it is not going to be able to sniff out what I am sending over my VPN connection.
CappinHoff:
--- Quote from: Pentium100 on August 19, 2012, 07:46:34 PM ---
--- Quote from: CappinHoff on August 19, 2012, 12:56:37 AM ---It won't make it impossible, it'll make it almost impossible. If an ISP really wanted to see what you were doing they could.
--- End quote ---
What? HTTPS or TOR?
With HTTPS, unless the ISP gets a valid certificate for the destination address, it's not going to happen (at least if the user is careful). It is possible to track someone using TOR, but it is very difficult and requires cooperation of multiple ISPs (since the data goes through multiple intermediate nodes).
Similar with VPN - unless the ISP manages to get the private key of my CA, it is not going to be able to sniff out what I am sending over my VPN connection.
--- End quote ---
If you say so. I've worked for an ISP and what they can see and do would surprise you.
kitamesume:
ISPs can see whatever they want even with all those protection layers, I mean all they'd do is mirror the data flowing and decrypt them without interfering with the lines. The part with the decrypting though would be what they'd have the most trouble with.
Pentium100:
--- Quote from: CappinHoff on August 23, 2012, 07:53:49 AM ---If you say so. I've worked for an ISP and what they can see and do would surprise you.
--- End quote ---
So, which part of my post is wrong (being proven wrong gives me an opportunity to learn)?
The only way to intercept data over VPN (AFAIK) is to do a MITM attack, however, certificates were created for the purpose of making MITM attacks extremely difficult, if not impossible. When connecting to my VPN, the computer only trusts the certificates issued by the CA that is in my server, so, unless you manage to hack that server and get the private key of the CA (assuming that server is actually connected to the network), you are not going to be able to impersonate my VPN server. A certificate from Verisign is no good, you need the one from my server.
Well, or the implementation could have some serious bugs allowing anyone to decrypt the captured data, but hopefully that bug can be found and patched.
HTTPS works similarly, but the downside is that there are a lot of CAs that issue certificates. If the ISP manages to persuade Verisign (or someone else) to issue it a certificate that lets it identify as my bank, then there's a problem.
--- Quote from: kitamesume on August 23, 2012, 03:11:16 PM ---ISPs can see whatever they want even with all those protection layers, I mean all they'd do is mirror the data flowing and decrypt them without interfering with the lines. The part with the decrypting though would be what they'd have the most trouble with.
--- End quote ---
Well, if you can't decrypt the data then the protection did its job.
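Added example, not part of the original thread: the trust-store difference described in the post above (a VPN client that trusts only its own CA versus an HTTPS client that trusts many), checked with the openssl command line. The CA names, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo; every name here (my-vpn-ca, public-ca, vpn.example.test) is made up.
set -e

make_ca() {      # make_ca <dir> <name>: self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {   # issue_cert <dir> <ca-name> <out-name>: cert for the VPN host signed by that CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

verdict() {      # verdict <trust-store> <cert>: prints "accepted" or "rejected"
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

run_demo() {
  d=$(mktemp -d)
  make_ca "$d" my-vpn-ca               # the private CA that lives on the VPN server
  make_ca "$d" public-ca               # stands in for any other CA
  issue_cert "$d" my-vpn-ca real       # genuine server certificate
  issue_cert "$d" public-ca lookalike  # same host name, different issuer
  # A browser-style store trusts several CAs at once.
  cat "$d/my-vpn-ca.pem" "$d/public-ca.pem" > "$d/bundle.pem"

  echo "vpn-client real=$(verdict "$d/my-vpn-ca.pem" "$d/real.pem")"
  echo "vpn-client lookalike=$(verdict "$d/my-vpn-ca.pem" "$d/lookalike.pem")"
  echo "browser-store lookalike=$(verdict "$d/bundle.pem" "$d/lookalike.pem")"
  rm -rf "$d"
}

run_demo
```

The client that trusts only the private CA rejects a certificate for the same host name issued by any other CA, while a client whose store contains that other CA accepts it.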