P
P
Philip Gavrilov2018-07-06 12:00:43
Encryption
Philip Gavrilov, 2018-07-06 12:00:43

What can the government read if I only use https?

I can't figure it out completely. Is it true that if I visit exclusively https-resources, the government will store my encrypted garbage for half a year and will not be able to read anything? Or is it not?

If so, then what's the point of storing encrypted traffic for such crazy money?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
S
SagePtr, 2018-07-06
@SagePtr

The government is 15 years behind technology. 15 years ago, HTTPS was used quite rarely, so the government still thinks that everyone sits on HTTP and uses ICQ, which Klimenko recently advised switching to)
Therefore, they introduced laws that, in those realities, may would have worked, but in modern times they are of no use.

C
chupasaurus, 2018-07-06
@chupasaurus

The government can read which domains you go to (SNI is not encrypted).

C
CityCat4, 2018-07-06
@CityCat4

At the moment - where they went (external url, no details inside the site), when they went, how long they stayed, what amount of traffic they sent and received. What is called metadata. Movements within the site (let's say YouTube URLs) and so on are not yet visible.
Why so far ? I somehow already explained how the bumping mechanism works when https does not save from disclosure of traffic on a corporate proxy. So now we have a similar situation as in an office, where the management begins to tighten the screws on the use of tyrnet. How does this usually end? Bumping for everyone, whitelisting for those who are especially dissatisfied. And if the office has a way out, say, to walk from the phone, then such a move is not visible here either.

S
Stanislav Bodrov, 2018-07-07
@jenki

The elders say that back in the 80s there were rumors in some research institutes about possible successful attempts to attack the RSA algorithm. Since then, a lot of water has flowed under the bridge, we have learned that behind the scenes there was differential cryptography, the power of elliptic curves.

my encrypted trash
Is there reliable information that the key that verifies the certificates of any trusted and sub-trusted centers is not on someone's shelf (a stone in the garden of detractors of self-signed certificates)?
what is the point of storing encrypted traffic for such big money
Big Data - it doesn’t matter what cats you looked at on the site, it’s enough to know what time, from where, where, on which site, and then who knows what algorithms or machine learning there are, but the transition graph will be built and the site will be parsed. Well, your traffic will still be in the appendage.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question