HTTPS, Good for Privacy or Security?

An explanation into the confusion some Internet users have with HTTPS' security versus VPN's privacy.

HTTPS Does Not Hide Meta Data

Episode # 4-26 available on : Youtube Blip.tv Vimeo 
Download : MP3 Audio MP4 HD Video 

Released: March 16, 2014

When it comes to privacy on the Internet, who do you think is recording the most data on you? Who knows when you use the Internet? Who is the one who sees all your traffic? Your Internet Service Provider.

Whether you are downloading torrents, going to watch porn, learning about new things online, or getting around unfair practice like bandwidth throttling of specific web-sites, your privacy is your number one concern.

What kind of information is actually collected by your ISP, NSA, Governments around the world, etc...? The meta data.

What is meta data?

Meta data, is basically data about data. In the case of the Internet, and you, the data they record is your IP address, the origin IP address of the data requested, data and time, type of data included, means of creation, etc... Recording the actual data is not done because of the sheer amount of space that would be required to record the entirety of the Internet repeatedly. They record all the information in the header of each of individual packet coming along the Internet from servers to your computer.

What can be done with this kind of meta data?

You can tell where a person has been on the Internet. If for some reason a group of suspected people where to visit a site of interest on the Internet, you could easily conclude various scenarios based on the traffic requests of the users. While a user visiting the web-site for the first time would be recorded as having gone, most programs with completely skip those users and opt to track users who frequently connect to that online resource.

Knowing that the meta data of every packet is being recorded by governments and ISPs, is there a difference between a packet sent over HTTP and HTTPS? Is HTTPS packets more secure and private? No, the difference is the content and the way it is sent over the Internet. HTTP packets are completely in plain text. The payload of a HTTPS packet is encrypted, but not the meta data otherwise sending the packet over the Internet would not be possible.

Is there a way to avoid having the meta data recorded by the NSA, Governments, ISP, etc...?

Technically speaking, no. There will always be packets leading from the server the data is requested from to the device that requested it. The question is not is there a way of avoiding having the meta data recorded, the real question meant is literally, is there a way to make it appear as though, you aren't the one doing the requests yourself?

What you need to essentially do is to send the packets you want, over another set of packets, in an encrypted format. In other words, the data you request should be part of the encrypted payload, and not as the request itself. This requires that you tunnel to another server over the Internet, known as using a virtual private network. While, the packets to the VPN will be recorded, the meta data from the actual packets you requested are part of the encrypted payload and decoded by your computer. Anyone spying on your connection basically sees nothing but your connection to the VPN, in other words, your ISP will no longer know what you are looking at, on the Internet. And, while it is possible to extrapolate what you may have been looking at online, depending on the number of connected users using that service, there is no easy way to always a guarantee that the conclusions made are correct, and therefore are not really valid for identification purposes.

In other words, HTTPS is secure, but inherently not private. HTTPS is great for protecting the content of web-sites from other normal and malicious users. But, when it comes to your ISP, NSA, Governments and other agencies around the world, the meta data itself is more important. In order to be both secure and private, use of a VPN is inherently required.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources

CommentsLogin or Register to post comment

Be the first to comment on this episode.

Posted by ask
March 16, 2014

Follow

Newsletter

html text

View previous campaigns.

Powered by MailChimp

Latest Comments

Completely Erased

It should remove all traces of the virus, provided the hard drive has no bad sectors on it. It it does, you the mentioned Spinrite to try to fix the hard drive then run DBAN after, but usually, DBAN can erase the entire drive without issue. I've used it on maximum and let it run almost 16 hours on my friends computer, that is why this episode exists.

Completely Erased

Great! I am going to run 'autonuke' on a machine that has polymorphic malware, not sure if it is in the MBR or somewhere else on the machine. Assuming autonuke runs fully without any error, will it remove the malware from the computer with certainty?

Completely Erased

Yes, it will wipe all data, including the master boot record on your hard drive. If you are unable to get DBAN to work correctly, consider using Spinrite to fix the drive so DBAN can work, rarely needed, good to have.

X

Log Into TQA Weekly

Register | Lost Password?