5

I read this article which says github is being blocked in Russia because a single controversial page hosted on it can't be blocked because of HTTPS.

So I'm trying to determine if that implies that my local sys-admin can't keep track of my browsing history....

Though the domain name would be visible to anyone in the middle, are the other parts of the requested URI encrypted, or can the ISP (or whoever is in the middle) see which folders/files on the domain I've requested (or are they encrypted)?

12
  • possible duplicate of How much information can my ISP see? Commented Dec 4, 2014 at 20:08
  • My question is a bit different: I want to know if the URI is also encrypted via HTTPS, or just the content exchanged via the URI.
    – anuj_io
    Commented Dec 4, 2014 at 20:14
  • 1
    Russia is just taking the easy way out in blocking the content they want to ban. If they attempted to block by a single URL, the project in question could simply redirect a domain to the github website and/or change their project name, and thus the URL would be different.
    – Ramhound
    Commented Dec 4, 2014 at 20:25
  • 1
    @tea_totaler - voting is anonymous. You can't possibly know who downvoted your question. So making a comment about the downvote is a little silly.
    – Ramhound
    Commented Dec 4, 2014 at 20:39
  • 1
    Note that in the absence of a certificate substitution attack (MITM) an administrator can observe all the Layer 3 fields in your packets, and determine what server you are contacting. They cannot however see the rest of the URL, so they can tell what server you contacted, but not what you did there. HTTP/HTTPS is a layer 4 protocol, so without substituting the cert, they can't see everything. That said, they control the hardware between you and the server, so it is possible to either replace your host cert, or replace the certificate transparently as the circuit is being created. Commented Dec 4, 2014 at 20:53

2 Answers 2

6

Your local sys-admin can track your browsing history if they can get you to install a certificate on your machine (or theirs) - in which case they can man-in-the-middle your connection.

If you have your own device and are sure they don't have a certificate, the best they can do is get a feel for what sites you are going to by looking at the IP addresses of the sites and the traffic profile (i.e. lots of traffic could imply downloading of videos), and IP addresses of big sites normally have reverse lookup. They can also use DNS records to find the DNS you requested if you are using their DNS servers, which is likely.

If the sysadmin does not have access to your machine to install the cert or local software, they can't use the network to see what page (i.e. folder) you are going to on the site, as this is encrypted (this information is sent in the header of your request, which happens after SSL is negotiated).

Source: I am a system administrator who handles sites with HTTPS and from time to time manually does HTTP / HTTPS requests to check corner cases.

8
  • I understood your point & thanks for the answer. Just a quick clarification, this means that even my ISP won't be able to see the URI, right?
    – anuj_io
    Commented Dec 4, 2014 at 20:52
  • There are ISP level attacks on HTTPS. Several ISPs have been found to employ devices that detect an HTTPS handshake in progress. They then proxy the connection transparently, by replacing your cert with their own, to send on to the server, and fake a handshake back to your system, so the tunnel is open as it passes through their device. The site thinks it's talking to you, but it's actually handshaking with the ISP, and you think you are handshaking with the server, but it's actually the ISP that you are connecting with. schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html Commented Dec 4, 2014 at 21:01
  • more details here: sonicwall.com/downloads/… Commented Dec 4, 2014 at 21:05
  • 4
    Correct - provided you don't ignore certificate warnings, your ISP can't see the traffic. @FrankThomas's answer is correct but leaves out that if your ISP is intercepting the traffic this way you will get the same cert warning unless they have managed to get their cert into your browser - It is believed that the NSA may be able to do this kind of thing by having compromised CAs, but your ISP probably can't do this.
    – davidgo
    Commented Dec 4, 2014 at 21:14
  • Also, in principle the size of the encrypted data can leak some information about what URLs you visit. Simplified example: suppose the ISP knows that the site you visit has on it 1000 small pages and one large downloadable file containing illegal/subversive/dissident information. Suppose you hit the site for 10M of data in 2s. Then you probably just downloaded the big file. Of course, github has very many files, so even if Russia was technically equipped to use this technique, (a) it might not get a clear signal, (b) by the time it IDs the file it's already been downloaded. Commented Dec 4, 2014 at 22:17
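To make the answer above concrete, here is an added example (not from anyone in this thread) that builds a constructed TLS ClientHello and shows what a passive on-path observer can read from the handshake versus an encrypted application-data record: the SNI hostname is in the clear, the request path inside the encrypted record is not, and only its length is visible. The ClientHello uses a zeroed random and a single cipher suite purely to keep the sample short.

```python
import struct

def _u16(n): return struct.pack("!H", n)
def _u24(n): return struct.pack("!I", n)[1:]

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello record with an SNI extension."""
    name = hostname.encode("ascii")
    sni_list = b"\x00" + _u16(len(name)) + name             # name_type host_name(0), length, name
    sni_ext = _u16(0x0000) + _u16(len(sni_list) + 2) + _u16(len(sni_list)) + sni_list
    body = (b"\x03\x03" + bytes(32)                         # client_version, random (zeros: constructed)
            + b"\x00"                                       # empty session_id
            + _u16(2) + b"\xc0\x2f"                         # one cipher suite
            + b"\x01\x00"                                   # compression: null only
            + _u16(len(sni_ext)) + sni_ext)                 # extensions
    handshake = b"\x01" + _u24(len(body)) + body            # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake   # ContentType handshake(22)

def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None if there is none to read."""
    if len(record) < 5 or record[0] != 0x16:
        return None
    hs = record[5:]
    if not hs or hs[0] != 0x01:
        return None
    p = 4 + 2 + 32                                          # handshake header, version, random
    p += 1 + hs[p]                                          # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]            # cipher_suites
    p += 1 + hs[p]                                          # compression_methods
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]; p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
        if etype == 0x0000:                                 # server_name extension
            q = p + 2                                       # skip server_name_list length
            if hs[q] == 0:                                  # host_name entry
                nlen = struct.unpack("!H", hs[q + 1:q + 3])[0]
                return hs[q + 3:q + 3 + nlen].decode("ascii")
        p += elen
    return None

def observer_view(record: bytes) -> dict:
    """What a passive observer learns from one record: its type, the SNI (handshake only),
    and for encrypted application data nothing but the ciphertext length."""
    kind = {0x16: "handshake", 0x17: "application_data"}.get(record[0], "other")
    return {"type": kind, "sni": extract_sni(record), "payload_len": len(record) - 5}

if __name__ == "__main__":
    print(observer_view(build_client_hello("github.com")))
    # Constructed stand-in for the encrypted "GET /some/repo/page" record: only its size leaks.
    print(observer_view(b"\x17\x03\x03" + _u16(5) + b"\x01\x02\x03\x04\x05"))
```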
2

So does it imply that even my local sys-admin can't keep track of my browsing history too?

No, not necessarily. A sysadmin can perform a man in the middle attack if they put a custom certificate on the client computer.

If you click on the lock icon in the address bar of a secure site at home, it will say who the certificate issuer is and what the private key is. If you perform the same action at work and it says the same information - you are probably safe. If it does not, that's a huge red flag that someone may be intercepting your traffic.

As you said, they do know what websites you are visiting because of DNS - just not what is being transferred.

EDIT: To clarify, because of dns they know what SERVERS you are visiting, but not the entire URI.

5
  • I so want to believe you, but is there any online citation which confirms the same?
    – anuj_io
    Commented Dec 4, 2014 at 20:39
  • Sorry, no. I've done this before for purely experimental purposes so I know it's possible; the best article would be Wikipedia's on man-in-the-middle attacks.
    – Arthur
    Commented Dec 4, 2014 at 20:43
  • I have read it so many times, but nowhere does it talk about the URI. :(
    – anuj_io
    Commented Dec 4, 2014 at 20:43
  • 4
    Grab Wireshark, start a recording and watch the process between a standard http:// vs. a https:// connection. I know this isn't a super helpful answer, but it's fun to watch and at least this way you can confirm what I'm saying with your own eyes - plus, Wireshark is a useful tool.
    – Arthur
    Commented Dec 4, 2014 at 20:45
  • Hi5 man! This is what I am talking about. I will definitely try out Wireshark.
    – anuj_io
    Commented Dec 4, 2014 at 20:47
