New Version HTTPS Everywhere

Discussion in 'privacy technology' started by manar58, Jan 27, 2012.

Thread Status:
Not open for further replies.
  1. manar58

    manar58 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    75
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    HTTPS is clearly necessary for some sites, but why would it be desirable "everywhere"?

    Note to admin: this might generate more interest in the Privacy Technology section.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you just generally don't like your ISP seeing what you do/ don't want anyone between you and who you're talking to listening in on the conversation you might as well use HTTPS. There's not much performance hit and if a site supports it I think we can assume that they can handle the extra load.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Peace of Mind is a nice thing to have. I hope DuckDuckGo updates their list with the latest rules.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    Agreed, but what is it about HTTPS Everywhere that gives you peace of mind?
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The same reason I don't yell my conversations when talking to a friend in a crowded area. I'm not planning to bomb some building, I just prefer to have my conversations stay between us.

    Knowing that my conversations with someone aren't being listened in on by anyone between me and the website is nice.

    Not to mention that if you don't use HTTPS and someone is doing MITM they can change the data in transit.
     
  7. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    Why isn't it on official FF addon page? And does it send our data to their developers somehow? :D
     
  8. goodjohnjr

    goodjohnjr Guest

    Good question Pandorax, I wondered the same thing, so I found this on their FAQ:

    "Q. Why isn't HTTPS Everywhere available for download from addons.mozilla.org like most other Firefox add-ons?

    A. We felt that the Mozilla privacy policy that applies to downloads from addons.mozilla.org is somewhat less protective than the privacy policies of the organizations that develop HTTPS Everywhere, and we prefer for HTTPS Everywhere users to be protected by our privacy policy. This decision could change in the future as Mozilla's privacy practices evolve or as we re-examine the details of the current Mozilla policy."

    https://www.eff.org/https-everywhere/faq
     
  9. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    I am in shame. Thanks.
     
  10. goodjohnjr

    goodjohnjr Guest

    Do not feel too bad, I had to cheat and search for the answer using Google SSL Search, hehehe ;) ; you are welcome. :)
     
  11. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    From their policy; https://www.eff.org/policy
    Whatever it is, i didn't like it o_O
    And i don't see any "Decentralized Observatory" feature in extension options!
     
  12. marktor

    marktor Registered Member

    Joined:
    Dec 4, 2011
    Posts:
    143
    I understand being an advocate of privacy you have to be on the watch for what companys and groups are doing. That said I must say I have ALOT of faith in the EFF. As to why you don't see the option to disable Decentralized Observatory it is because it will not be included until venison 2.0

    SOURCE

    Im sure if you download the development version of 2.0 it will probably have the option to disable the Decenteralized Observatory.

    No worries.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Indeed, from the changelog:
    2.0.0development.1 (2011-09-15)
    * Begin alpha testing for the Decentralized SSL Observatory!
    (currently opt-in, with a popup prompt if you have Tor Button installed)

    btw changelog for 1.2.2:
    1.2.2 (2012-01-09)
    * Google Cache is back!
    * Fixes: Wikipedia, Identi.ca, Verizon, CCC.de, UserScripts,
    Yandex
    * Improvements: EFF
    * Disable broken: NSF.gov, WHO.int
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Disabled here :)

    ssl.gif

    ssl2.gif

    And always have been able to on previous versions too !
     
  15. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Your ISP, by virtue of the fact that they do business with you, already probably has your real name, your home address, and your credit card or bank account number. They can't charge you without that stuff. No amount of encryption of the traffic you send over their wires after they've already taken down all your personal info will change what's on their servers or reduce their ability to sell that information to whoever they feel like.

    If you are worried about your ISP selling data about you, IMO this is a far, far bigger concern than the possibility they might snoop all your Web requests hoping they might occasionally stumble across a form submission that contains actual salable data.

    Your ISP will also know what hours you're usually online and how much traffic you generate / consume, though you could put technical measures in place to obscure those things if you cared. (Any such measures would themselves allow your ISP to detect that you are in the class of users who puts technical measures in place to obscure usage stats, which probably makes you much more interesting to certain groups.)

    After all its their network. You are their customer and you have to go out through their door to get onto the internet. 99 Percent of them use NARUS

    This is what NARUS do
    Total Network View” decision making through the real time collection and analysis of one packet to billions of packets across multiple networks.

    Network transparent collection and semantic analysis of traffic•Captures detailed, protocol-specific data in addition to collecting standard data•Interfaces directly to the network using Narus Semantic Traffic AnalysisTMtechnology

    Extracts information from network devices and service elements using standard protocols:-SNMP-Voice Mediated CDRs-CGF-LDAP•Highly configurable with the Narus VA Toolkit

    Extracts information directly off the wire
    Not a sniffer: session modeling and reconstruction
    Detailed visibility into user traffic
    Network transparent, non-intrusive

    Vendor and protocol independent: IP standards based
    Highly tuned appliance: 300-500Kbps
    Network efficient: 95-99% data reduction
    Network transparent collection and semantic analysis of traffic

    Let go off that idea you can hide from your ISP. You can't.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    My ISP has loads of information on me, of course. But maybe I don't want them seeing my Wilders posts (poor example) or some other information I pass on a forum that isn't relevant to them.

    You're missing the point if you think this is about "hiding" from ISPs. ISPs will always know certain information - it's kind of like talking to someone in a foreign language, they still know you're talking and they still see where you are etc. but they don't know what you're saying. That's all it is.

    And there's also the fact that HTTPS prevents basic MITM attacks (depends on the situation.)
     
  17. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Internet Protocol Detail Record
    Remember that semantics is not just the data, but rather the meaning of the data. It looks at the the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time. You really wonder why BushCo didn't want to talk about this stuff? It's the biggest invasion of privacy in history by several orders of magnitude.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    All it can see are the semantics - whatever that means. If I use HTTPS right now it might be able to understand how Wilders is being used but they aren't cracking the encryption.

    And that still leaves the fact that MITM attacks can be broken through ssl.

    The link is broken.
     
  19. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    well you sure wont have your isp sniffing info from you if you use a good non logging vpn like vpntunnel.se etc , protip , no need to slow down your website access
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes you will. Your ISP is what brings you do that VPN.
     
  21. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    sure but all they see is you using a vpn not your traffic so whats the problem?

    p.s: btw a hello to everyone im a long time lurker first time poster xD , nice to be here
     
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    The data between you and the VPN is encrypted. The ISP cannot see anything just like they cannot see the content you browse on an encrypted website.
     
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    i think he meant that your vpn sees that your connected through a vpn, wich is true and thanks for explaining it to the rest that dont know how a vpn generally works xD
    of course theres more to it than just that ,but that would go off topic it would seem xD
     
  24. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    VPN sees that you're connected through a VPN?? You mean ISP sees that that you're connected through a VPN? I don't see how, all they'd see is encrypted traffic flowing through.
     
  25. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    isp sees you are ,not vpn to vpn roflmao xD

    p.s: thats from what ive heard in a vpn discussion some time ago, not sure if the encrypted traffic gives it away or whatnot
     
Loading...
Thread Status:
Not open for further replies.