> On 2020/Jan/17, at 11:18 am, David <[email protected]> wrote:
> 
> On 16/01/2020 6:13 pm, Kim Holburn wrote:
> 
>>> On 2020/Jan/16, at 5:54 pm, David <[email protected]> wrote:
>>> Even with some form of secure & encrypted DNS from clients to trusted 
>>> servers, ISPs could still see each web-page URL with the host name replaced 
>>> by its resolved address.
>> That'd be very bad security.  As I understand it, the encrypted stream is 
>> established first, then the URL sent encrypted.  To do it the other way 
>> would be a security breach.
>>>> So the security agencies could still monitor an agent of interest, but 
>>>> selling users' browsing history would probably involve too much work to be 
>>>> worthwhile.
> 
> You're right, the TLS session is established first, then the HTTP session.  
> Not thinking...
> 
> However I was trying to make this point.  If an ISP client uses DNS & HTTP in 
> the clear then it's obviously easy for their ISP to monitor their browsing 
> history.  But if they use DOH/DOT & HTTPS the ISP still sees destination IP 
> addresses, so monitoring is still possible if the ISP is prepared to look 
> them up,

Except for many websites on multi-site hosts.  It becomes very hard to tell.  
Some servers host hundreds and even thousands of websites.

> but I suspect the business model begins to collapse.
> 
>> A sensible "agent of interest" [to the security agencies] would be using a 
>> VPN, no?
> 
> Yes, if they're using a VPN to a third-party intermediary and are technically 
> aware, but I imagine the security agencies have ways of dealing with that 
> sort of suspicious behaviour.  

Do tell.  Many people have started using VPNs for a variety of reasons, mostly 
to do with privacy.  Many VPNs don't log connections and many are in other 
legal jurisdictions.

> The IP address is more reliable than the text of a URL.


But there is not necessarily a simple mapping between IP and website. 

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:[email protected]  aim://kimholburn
skype://kholburn - PGP Public Key on request 



_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
