Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://techhub.social/users/djramones/statuses/112655357683670540">D.J. Ramones (djramones@techhub.social)'s status on Saturday, 22-Jun-2024 08:28:16 JST</a><a href="https://techhub.social/@djramones" title="djramones@techhub.social"><img src="https://gnusocial.jp/avatar/187760-48-20231012123636.webp" width="48" height="48" alt="D.J. Ramones" style="position: absolute; left: 0; top: 0;">D.J. Ramones</a><div><a href="https://c.im/@youronlyone/112653237074878336" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://c.im/@youronlyone">@youronlyone</a> the “the user is none the wiser” part here is misleading, I think. The example you linked to in your replies show that you had to deliberately ignore an invalid TLS (SSL) certificate before you received the “modified” request.</p><p>It’s true that using HTTPS and encrypted DNS without a VPN means ISPs can still monitor your traffic—but they will only get the IP address and the encrypted traffic. Sometimes the domain name, etc., still leaks, I admit I'm not expert in that part, but it's an exaggeration to say that they can modify your HTTPS-encrypted traffic so long as you stick to valid certificates. (Or, as another reply suggested, unless your device is compromised, say by having its trusted certificates store maliciously modified.)</p><p>When you ignored the invalid certificate warning, that's when your ISP was able to decrypt your traffic, basically telling them “sure, you can communicate with me as if you were the server I was expecting”. The government warning said as much.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3272357#notice-6458430">In conversation</a><time datetime="2024-06-22T08:28:16+09:00" title="Saturday, 22-Jun-2024 08:28:16 JST">about a year ago</time> <span>from <span><a href="https://techhub.social/@djramones/112655357683670540" rel="external" title="Sent from techhub.social via ActivityPub">techhub.social</a></span></span><a href="https://techhub.social/@djramones/112655357683670540">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="http://request.It/">request.It</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
D.J. Ramones (djramones@techhub.social)'s status on Saturday, 22-Jun-2024 08:28:16 JSTD.J. Ramones
in reply to
- Yohan Yukiya Sese Cuneta 사요한🦣
@youronlyone the “the user is none the wiser” part here is misleading, I think. The example you linked to in your replies show that you had to deliberately ignore an invalid TLS (SSL) certificate before you received the “modified” request.
It’s true that using HTTPS and encrypted DNS without a VPN means ISPs can still monitor your traffic—but they will only get the IP address and the encrypted traffic. Sometimes the domain name, etc., still leaks, I admit I'm not expert in that part, but it's an exaggeration to say that they can modify your HTTPS-encrypted traffic so long as you stick to valid certificates. (Or, as another reply suggested, unless your device is compromised, say by having its trusted certificates store maliciously modified.)
When you ignored the invalid certificate warning, that's when your ISP was able to decrypt your traffic, basically telling them “sure, you can communicate with me as if you were the server I was expecting”. The government warning said as much.
In conversationabout a year ago from techhub.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  request.It

Public

Embed Notice

HTML Code

Corresponding Notice