Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

[The Conversation] What the Investigatory Powers Bill will mean for your Internet use

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1220
Joined: Wed Feb 05, 2014 3:47 am

[The Conversation] What the Investigatory Powers Bill will mean for your Internet use

Postby parityboy » Tue Nov 10, 2015 6:09 pm

Through pressure from Google, Facebook, and other major providers such as Yahoo and Apple the world wide web is slowing becoming more secure, with web services using HTTPS to encrypt web traffic by default. However, the arrival of the draft Investigatory Powers Bill raises questions about who can potentially get access to what – here are some answers.

Can anyone see all my web requests?

Yes. Whenever you see HTTP in the browser’s address bar then any data sent over the link will not be encrypted. This means the address of the page and domain you’re browsing, and any data you send, such as in a form, and any data which is returned.

Can anyone see my web requests if I use HTTPS?

No. If you see HTTPS in the browser’s address bar then the connection is encrypted using SSL/TLS. Only the IP address of the destination (and the port used, usually 443) can be determined. No details of what pages or resources were accessed, nor any further data sent over the connection will be accessible. Google, Facebook and many other major online services now use HTTPS by default, so all your Google search requests, for example, are protected and your ISP cannot see the URL and the results of the request.

If I use HTTPS, will anyone be able to access my details from the remote web server logs?

Yes. HTTPS tunnels encrypt data across the internet to prevent eavesdropping, but the traffic is decrypted at either end so the server log will show details of which IP address has accessed what resource and when. As the SSL/TLS used by HTTPS uses a client-server model, the key required to decrypt the connection is available on the server – unlike with end-to-end encryption services where only the parties involved have the decryption key. This means spies and investigators could serve a warrant and demand the service provider hand over its copy of the decryption key and access your communications. HTTPS only protects the transmission of the data over the internet, and the full details of the request and reply can be logged on the server.



Source

Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 12 guests

cron

Login