Does this lock really make a difference ?
You are currently reading a thread in /g/ - Technology

Thread replies: 83
Thread images: 8
File: images.jpg (5 KB, 318x159)
Does this lock really make a difference ?
>>
NSA has direct monitoring on that, unsecured http is just for fags shitposting
>>
>>52163798
Yes.
>>
>>52163798
not really much but at least my ISP doesn't know in which board I lurk on 4chan
>>
>>52163987
I know you lurk /a/
>>
>>52163987
They do know which board you lurk.

>>52163798
Yes

>>52163828
>NSA has direct monitoring on that
sauce?
>>
>>52166624
>sauce

Seriously dude?
>>
>>52163798
Packets sent with https are encrypted, so yeah I'd say it makes a decent difference
>>
File: nsa_smiley.jpg (13 KB, 800x600)
>>52166749
>>
>>52166764
*tips foil fedora*
>>
>>52166638
Showdem
>>
File: 1448019241794.gif (115 KB, 231x498)
>>52163798
If you use HTTP then all kinds of people can listen in:
People on your wifi
People who broke into your router
People tapping underground cables
Your ISP
The anti-piracy team at your ISP
People in the countries your traffic crosses to get where it's going
Three Letter Agencies (with effort)
Advertisers
People who broke into the server at the website you're connecting to

Using HTTPS knocks it down to
TLAs (with effort)
Advertisers
and People who broke into the servers at the server you're connecting to.
>>
>>52166624
>sauce
unless you've been hibernating for the past 5 years then you should know.
>>
>>52166749
>Packets sent with https are encrypted

No they aren't. Packets sent in HTTPS layer are encrypted with TLS. HTTPS provides no encryption whatsoever.
>>
>>52163798
Nah
>>
From script kiddies or someone doing snooping on a public wifi mostly, which is still good protection to have.
>>
The lock?
Well it's just a graphical icon.
The underlying technology behind a https connection?
It matters VERY much.
It's the difference between a postcard and a sealed letter, and in a system where every piece of digital mail is read or intercepted by dozens of agencies around the world- yes.
>>
>>52167391
>Packets sent in HTTPS layer are encrypted with TLS
>HTTPS provides no encryption what so ever.
>>
does a padlock protect your bike
>>
>>52167688
>It's the difference between a postcard and a sealed letter
Or more realistically they're both postcards and the NSA is the guy who sorts the mail at the post office.
>>
>>52166624
>They do know which board you lurk.

How? Shouldn't they just see you're on 4chan and that's it?
>>
Yes, it does. And you can judge the competency of a website's administrators based on whether they force HTTPS or not.
>>
They still know where you go, which tells a lot by itself.
>>
>>52163798
The lock, no, that's just a UI element. But still using plaintext HTTP in 2016? Yes, that matters, you fool. I bet you still use Telnet, you stupid faggot.

You have no excuses anymore. None. Deploy HTTPS now for everything that currently uses HTTP. https://letsencrypt.org/

Use ECDHE-RSA-AES256-GCM-SHA384 or ECDHE-RSA-AES128-GCM-SHA256. When it's finalised (which is very soon), also use ECDHE-RSA-CHACHA20-POLY1305-SHA256.

ECDSA is OK if you can use it, have audited code and have a good random source, but EdDSA is much safer. That is not yet deployed in TLS.

It's OK to use secp256r1 for ECDHE in TLS (but X25519 is better, when you can do that soon).
>>
Absolutely.
>>
File: he-comes.jpg (94 KB, 450x675)
>There are people in this thread RIGHT NOW that don't have HTTPS Everywhere installed
>>
>>52166764
what does this mean ?
>>
>>52170409
No, your ISP can see the exact webaddresses that you visit.
>>
File: 1331949067979.jpg (37 KB, 314x263)
>>52171167
>mfw HTTPS Finder disabled because it's not signed
>>
>>52170263
Not in Detroit.
>>
>>52171136
>>52171167
But, no one gives a fucking shit about HTTP vs HTTPS

What does it matter
Literally nothing
I don't care
>>
>>52171179
>>52171179
you're literally retarded. if you're using HTTPS they can't see shit except for that you are doing something on 4chan.
>>
>>52171191
THANKS SJWFOX

Goddamn firefox disabled adblock edge and gave my mom cancer.
>>
>>52171179
Your ISP can see whatever data you send to them. Plaintext HTTP over port 80 they can see everything you're doing. HTTPS on the other hand encrypts most of the packet data, including HTTP headers. So they can only see the IP address and port you're connecting to. So right now my ISP only sees that I've connected to 104.16.64.203 on port 443. If they do a whois on that IP address it will just say it belongs to Cloudflare. It's still possible to discover that it belongs to 4chan, it just takes a bit more work. Of course, this is all assuming you're not using your ISP's DNS servers.

So if you're using HTTPS your ISP has no idea what boards you're visiting or what you're shitposting on them.
>>
>>52171291
unless the server uses SNI, then they know at least the hostname, but not the exact URL.
>>
>>52171254
just use mvphosts anon
>>
>>52171291
>Of course, this is all assuming you're not using your ISP's DNS servers.
Even if you aren't, they can still sniff it because DNS traffic isn't encrypted.
>>
>>52171211
Alright mate, go do some banking on a public access point without HTTPS then.

Hell, you probably aren't even aware of sidejacking attacks.

>>52171316
That's true. Those types of sites are usually shared vhost environments and you've got more to worry about at that point anyway.
>>
>>52171252
Yea, packets through https are encrypted.

But I don't think that would matter if there was a backdoor. Right?
>>
>>52171331
Not if you use dnscrypt. This is all in the /g/ wiki by the way.
>>
>>52171291
>Of course, this is all assuming you're not using your ISP's DNS servers.
Which DNS should I use to be protected as much as I can be by using different servers?
>>
>>52171331
But they would have to do that in real time right, they can't figure shit out after the fact?
>>
>>52166897
what the fuck

https://www.youtube.com/watch?v=XM_Ew6zsnDY
>>
>>52171360
https://wiki.installgentoo.com/index.php/Anonymising_yourself#DNS
>>
>>52171376
Depends on the extent of their logging. Storage is cheap these days. As an example, I work for the government and we log all websites that employees visit for seven years.
>>
>>52171404
So using dns servers like open nic, without dns encryption software literally does nothing?
>>
>>52171428
It makes it a fair bit harder. It's a lot easier to archive logs of a DNS server you own than it is to sniff packets for DNS info and store that information somewhere.
>>
>>52166905/thread
>>
>>52171428
Yeah, pretty much. Do a traceroute on the IP address of your currently used DNS server (in Windows open a command prompt and type "tracert <IP Address>")

Any of the hops between you and your DNS server (as well as the owner of the DNS server) can see every single website you ever visit when you're not using dnscrypt. And that's just DNS metadata. When you're browsing the internet over HTTP instead of HTTPS, any of those intermediary hops can not only see the websites you're visiting, they can see everything on those sites, your session data, and so on. They could sidejack your session, impersonate you, and do whatever they want.
>>
>>52171211
Without https you would not be able to buy things on amazon, you would not be able to use facebook, google would not function as it couldn't secure your personal information, no communication of any value at all could happen online, as if it was valuable and put over HTTP it would be targeted.
>>
>>52171291
When I'm already on 4chan (https) and I click on a thread link in the catalog... does that link URL go through a DNS again or is it connected directly hidden from the ISP?

And what if I'm not yet on 4chan and I copy-paste a 4chan thread link?
>>
>>52171495
Modern browsers cache DNS queries for some time. Windows also caches DNS queries. So usually you don't make a DNS request on every connection.

>... does that link URL go through a DNS again or is it connected directly hidden from the ISP?
If you make a request over HTTPS, the link itself is hidden from your ISP. From a fresh web browser with nothing cached it works like this:
>Open browser
>Paste >>52163798 and hit enter
>DNS query for boards.4chan.org resolves to 104.16.64.203 (unencrypted unless using dnscrypt)
>Establish TCP connection to 104.16.64.203
>Do HTTPS handshake
>Send HTTP headers (encrypted)
>Receive data

HTTP headers include data like this:
>GET /g/thread/52163798/does-this-lock-really-make-a-difference HTTP/1.1
>Host: boards.4chan.org

That data is encrypted on HTTPS connections and unencrypted on HTTP connections. So on HTTPS connections they can't see which threads you're visiting.
>>
>>52171603
So I'm guessing having the "HTTPS everywhere" browsing plugin is a good idea?

or is it a secret botnet?
>>
>>52171750
It's not only a good idea, it's such a good idea that it should be built into browsers by default.
>>
>>52171750
yes, and this is why lets encrypt is such a massive step forward to getting the entire web to use it
>>
>>52171793
>Let's Encrypt

My nigga

Everyone should be using it desu
>>
>implying some root certificates aren't compromised by the NSA
>>
>>52171773
HTTPS everywhere shows 4chan as only partially encrypted, what does that mean?

>>52171793
That's only for websites right?
>>
>>52163798
It means the connection between you and the server is encrypted, and no one can eavesdrop, unless the cipher used to encrypt is broken or if you're the victim of a man in the middle attack.
>>
>>52171869
no, it means much more than that
>or if you're the victim of a man in the middle attack.
this is exactly what SSL/TLS prevents (as long as the CAs aren't compromised)
>>
Looks more professional and is supposed to be safer
>>
>>52163798
no. it only makes the connection slower. botnet too, most likely.
>>
>>52163798

Most of the standards have been compromised.

Half the web was using RC4 which was being decrypted in realtime.

Then the other half was using DHE and reusing the same moduli. Ergo realtime decryption after cracking a couple of primes.

Tip: Make sure all RC4 / DHE settings in firefox about:config are FALSE.

Even then, half of the idiotic sites are using cloudflare... Like this one.. Oops.
>>
>>52172311
>cloudflare

b o t n e t
o
t
n
e
t
>>
>>52171167

BECAUSE WHEN i installed it 50% of all websites went blank

shit addon by shit organization
>>
>>52163798

It means mr shark has blessed you with protection and encryption. You should thank him.
>>
>>52171340
I do my banking stuff on my iPhone :^)
>>52171485
What's Amazon?
Also, I only use Facebook on my phone, I seldom use Google, and I don't do any "valuable" communication via the internet.
>>
>>52172359
Banking on your iPhone uses https.
Without https everyone could use your facebook account
>>
So I should be using dnscrypt? Are there any downsides like messing with multiplayer games, or anything?
>>
>>52166905
This guy gets it. To say it again: https is nothing special because the ISP can see which server you connected to, as far as I know even the name of the domain (nothing more from the url) and then just go to the server admin which tells them "oh yeah [ip] looked at [threadname+link]" from the apache/nginx logs.
>>
>>52172416
HOW DO I STOP IT
>>
>>52163987
>thinking https hides the url you're visiting
>being this ignorant of networking
>>
>>52170478
This

I enabled (and forced) https on my site as soon as I got my domain name and letsencrypt, even though there isn't even anything that needs encrypting. Https should just become the default from now on, with http only used for shit you run temporarily for testing purposes.
>>
>>52171191
Https finder hasn't worked in years because the dev quit. Has someone picked it up again?
>>
>>52166764
This is not NSA smiley.

I found it in the XML file for Gnome's Mist metacity theme from 2002.

From now on we all shall call the Caret Nose Smiley
Mist smiley
>>
File: lmHFryW.jpg (44 KB, 600x600)
>>52172587
>>
>>52171353
dnscrypt slowed my lookups down to a crawl.

i couldn't even play games anymore without having a 400ms ping. The shitty part is that there's no locations close enough to me
>>
File: ??.jpg (8 KB, 261x216)
>>52172587
just how fucking bored you have to be to look for smileys in 13 year old gnome 2 themes
>>
>>52172322
This

I don't know why, but https everywhere has some major problems with a lot of sites.
>>
>>52172631
grep -r / ":^)"
>>
>>52172654
This won't work

grep -rnw '/' -e ":^)"


This will
>>
>>52171378
>asks for sauce
>a YouTube video.
>>
>>52171853
>HTTPS everywhere shows 4chan as only partially encrypted, what does that mean?
They most likely haven't updated that text string since before 4chan had Cloudflare providing HTTPS. Back then it only sorta worked on 4chan. It's nothing to worry about now since there's actually functioning HTTPS support.

>That's only for websites right?
Let's Encrypt works for things other than websites, but there's a few things that can make it difficult for those. For a regular LAMP stack it's super easy to generate certificates though.

>>52172625
That's a shame. It would probably be usable if you set up local caching or something. Obviously it'd be easier if there was a closer server to you.