What benefit is there to using https instead of http for 4chan?
>no credit cards or passwords are being transmitted, only shitposting (inb4 >hurr durr like dis post lmao)
>and my ISP and/or govt can still see what I'm posting anyway if they want to, right? Hell, even the thread title is in the URL
>hurr durr like dis post lmao
>>51777672
Why not ?
If you can add security and the way is kinda reliable, why not doing it ?
>hurr durr like dis post lmao
>my ISP and/or govt can still see what I'm posting anyway if they want to, right? Hell, even the thread title is in the URL
no they can't
all they know is you made a https request to boards.4chan.org, even the URL part after this is encrypted.
>>51777672
>my ISP and/or govt can still see what I'm posting anyway
no they can't, that's the whole fucking point of https
https://en.wikipedia.org/wiki/HTTPS
>>51777672
>and my ISP and/or govt can still see what I'm posting anyway if they want to, right?
Have you actually looked what HTTPS is or you're just here for "le epiccc bait XD"?
>hurr durr like dis post lmao
>>51777736
> even the URL part after this is encrypted
what
>>51777672
>STILL liking golem
>>51777736
Is HTTPS really that secure?
I mean. Website owner providing information aside. If I visit say, youtube, would my IPS only know I visited youtube and not what video I watched?
>>51777672
>Hell, even the thread title is in the URL
please explain at which point in the HTTPS session this information is sent in clear text.
guys I think he stumbled on a new attack on tls.
>hurr durr like dis post lmao
>>51777891
What he said. Hostname is unencrypted (although there are efforts to encrypt SNI, and some proposals to encrypt DNS hops). The pathname (after .org) is transmitted inside the encrypted stream and is not visible to passive attackers (or to active attackers without certificate shenanigans that risk exposing the attack).
>>51777672
Firstly: SPDY or HTTP/2, supported by the CloudFlare CDN front-end, is much more efficient at downloading lots of multiple image thumbnails without needing lots of TCP connections. You'll only get that with TLS.
Secondly: Even if the site is entirely public, any unencrypted site is unauthenticated and can be used to mount DDoS attacks on other people. China have publicly demonstrated this capability, and GCHQ and NSA have the developed ability to do it too.
Thirdly: They probably don't know what board you're browsing, no.
>>51777958
Yes, they only know you're on yt,
unless they get resources over http which include page info
>>51777958
Correct.
ISPs often co-locate YouTube content mirror boxes, but they don't have access to those.
>>51777997
>>51778014
That's neat. Never knew that. I have HTTPS-Everywhere but I wasn't really sure what it did apart from "being more secure".
I should really learn more about networking.
OP here
ok i had no idea
i was thinking of switching to unencrypted because then i could save data on my phone
but i didn't realise https hid even the url
that definitely outweighs saving a few
megabytes.
thanks /g/uys
>>51777997
>>51778014
not quite.
they see where he connected and how big the transfer was, based on that they can try to guess what it was.
>>51777907
Please go.
>hurr durr like dis post lmao