undefined | Better HN

0 pointsetskinner8y ago0 comments

End-to-end encryption like SSL (https) is meant to limit the middle man's ability to 'see everything'. Instead of seeing the details of your Google search, all they see is that you accessed Google at [x] time, and exchanged [y] amount of data.

This is why there is such a push for end to end encryption on web traffic, chat apps, etc.

0 comments

Scottn18y ago

ISP can very easily see what you searched for even with SSL. SSL encrypts the TRAFFIC so they can't see the content of the webpages, But your search terms are right there naked in the URL even though it is https secured. This is unfortunately the case for Google, Bing and even DuckDuckGo. Try it and you can see for yourself.

At least DDG offers in their options to scramble the URL but one has to know about that feature AND enable it. It is in their settings under Privacy and you have to turn OFF GET (2nd option). https://duckduckgo.com/settings#

tombrossman8y ago

> But your search terms are right there naked in the URL even though it is https secured

You are correct that the terms are in the URL, however only the browser and endpoint can see them. All your ISP sees is that you accessed example.com, and not example.com/search-terms-here. The TLS handshake is for the domain only, then encryption kicks in, then everything after is encrypted.

Your ISP cannot see what you are searching for, they can only see which sites you use for search.

pritambaral8y ago

URLs are not sent in plaintext under HTTPS. Only the hostname is, and only for SNI.

j / k navigate · click thread line to collapse