Dissecting SSL handshake

Test yours here

 

But the payload itself remains unreadable. Someone may be able to tell you're sending a facebook message (for instance) but they won't know what the message says. That's the point of SSL, isn't it?

If you want to be more anonymous, that's what tor and proxies are for. Tunnel your traffic through ssh, which encrypts everything inside the tunnel.

 

@ BrandiCandi

Hi, the concern though, is the "possibility" of browser fingerprinting etc.

 

Huh. If you're concerned about browser fingerprinting then you are certainly not going to rely on SSL to anonymize you.

The purpose of SSL is to prevent eavesdropping and tampering of traffic between a client and server. It's not to make you totally anonymous. The message is safe but you're not invisible. If you want to hide things like your browser and OS from websites, then you need to browse in private (IE and FF have those options, I'm sure others do too). In FF you can also tell websites that you don't want to be tracked. I have tested the latter option and when I land on a web server, they don't list my OS or browser. See the screenshot to prevent websites from tracking you in Firefox:

 

@ BrandiCandi

Huh, well the reason i posted the link, was to show people that "maybe" didn't realise, SSL isn't as Anon as "some" may think.

Yeah, i have my FF sorted, thanks

 

SSL has never been about anonymity. If people believe that, they have never understood the purpose of SSL. But, that's not the fault of SSL.

SSL has many problems (specifically with the PKI) but it does a good job as far as privacy is concerned.