Back to Home
What the Zuck!
Evangelizing About the Erosion of Privacy


What the Zuck!
Evangelizing About the Erosion of Privacy

HTTPS Snooping


HTTPS Snooping

Originally, the initial development of the World Wide Web required the introduction of secure methods of web surfing. Without adding security, websites are completely transacting bidirectionally in plain text. This is not a scenario that can be sustained in e-Commerce since credit card numbers, names and addresses would be exposed to hackers.

This led to the quick development of SSL (Secure Sockets Layer) which has now evolved to a new standard called TLS (Transport Layer Security). To simplify the terminology, whenever you go to a website with the prefix HTTPS instead of HTTP, them then website is completely encrypted and no one (in theory) can snoop on the conversation.

Unfortunately, the idea of secrecy is not an acceptable option for businesses, governments and 3-Letter agencies so there is constant push-pull between those who wish to protect privacy and those who wish to snoop.

An example of this tolerated snooping exists in Corporate networks. Using man-in-the-middle hardware from certain manufacturers, HTTPS, which you thought to be secure, can be circumvented. This is highly disturbing because you use this protocol with the assumption that you can transact with your bank or e-Commerce site in safety and nowadays, if you are on a corporate network of a large company, the chances are that your traffic is being intercepted and stored for auditing purposes.

This supposedly allows a company to see if you're exposing company secrets or doing non-work related activity. However the implications are more scary since banking information, tax returns, purchases on-line are routinely exposed.
HTTPS Snooping

Originally, the initial development of the World Wide Web required the introduction of secure methods of web surfing. Without adding security, websites are completely transacting bidirectionally in plain text. This is not a scenario that can be sustained in e-Commerce since credit card numbers, names and addresses would be exposed to hackers.

This led to the quick development of SSL (Secure Sockets Layer) which has now evolved to a new standard called TLS (Transport Layer Security). To simplify the terminology, whenever you go to a website with the prefix HTTPS instead of HTTP, them then website is completely encrypted and no one (in theory) can snoop on the conversation.

Unfortunately, the idea of secrecy is not an acceptable option for businesses, governments and 3-Letter agencies so there is constant push-pull between those who wish to protect privacy and those who wish to snoop.

An example of this tolerated snooping exists in Corporate networks. Using man-in-the-middle hardware from certain manufacturers, HTTPS, which you thought to be secure, can be circumvented. This is highly disturbing because you use this protocol with the assumption that you can transact with your bank or e-Commerce site in safety and nowadays, if you are on a corporate network of a large company, the chances are that your traffic is being intercepted and stored for auditing purposes.

This supposedly allows a company to see if you're exposing company secrets or doing non-work related activity. However the implications are more scary since banking information, tax returns, purchases on-line are routinely exposed.
Buy VPN
Copyright 2017 Rob Braxman - All Rights Reserved