Comment on Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node
housepanther@lemmy.goblackcat.com 1 year agoThat is not completely true. Often the payload is encrypted but not the metadata. It is the metadata that usually is the cause of privacy issues.
Jamie@jamie.moe 1 year ago
I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they’re not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.
Except, VPNs and Tor aren’t even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.
beatle@aussie.zone 1 year ago
stackoverflow.com/…/are-https-headers-encrypted#1…
Findmysec@infosec.pub 2 months ago
As it turns out, eSNI (to take that forward, eCH) has become common in modern browsers with a supported DNS provider
sloppy_diffuser@sh.itjust.works 1 year ago
There is work to hopefully improve this situation for SNI at least: datatracker.ietf.org/doc/draft-ietf-tls-esni/.