A central theme of Walled Culture the book (free digital versions available) and this blog is that the copyright industry is never satisfied. No matter how long the term of copyright, publishers a…
“Hey there customer, if you want internet access on our network (the only one available in your area), you have to install our intermediary certificate on your machine!”
Also $3/mon certificate fee. To bring you the best possible service.
From having worked in an enterprise environment, there’s a chunk of websites that break when you intercept their SSL connection.
Oh yeah, definitely, I know this pain very well.
Hopefully all of them, since that’s how network security works
Not really, because the client system is configured to go through the proxy. That proxy will connect to the website and do filtering on the unencrypted content because it is initiating the connection. Next it’ll re-encrypt everything with its own certificate and serve it to the client.
Oh, you’re talking about enterprise-scale MITM attacks on your own coworkers, not the general case.
Yes, but that’s what you would need to do and get if everyone had to install an intermediate cert.
Hello, VPN
“Oh sorry, looks like we couldn’t decrypt that traffic, those packets went to the burn pile”
How do they know what qualifies as “encrypted” vs a binary blob that could be a photo or something?
File headers, magic bits, all sorts of stuff. Plus you can (and they do) try to load common file types, so if a PNG isn’t loading correctly, it fails the test.
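The last reply describes two checks: the magic bytes, then an attempt to actually load the file. The sketch below is an added example, not part of the thread or of any real filtering product; it applies both checks to PNG, and the function names, the result labels and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Constructed stand-in for ciphertext: deterministic, high-entropy bytes.
FAKE_BODY = hashlib.sha256(b"constructed sample").digest() * 2

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """One PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_sample_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

def classify(blob: bytes) -> str:
    """Return 'no-png-header', 'header-only' or 'valid-png' (labels are hypothetical)."""
    if not blob.startswith(PNG_SIGNATURE):
        return "no-png-header"            # magic-byte check fails
    pos, seen, idat = len(PNG_SIGNATURE), [], b""
    while pos + 12 <= len(blob):          # 12 = length + type + CRC
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 8 + length
        if end + 4 > len(blob):
            return "header-only"          # declared length runs past the data
        data = blob[pos + 8:end]
        (crc,) = struct.unpack(">I", blob[end:end + 4])
        if zlib.crc32(ctype + data) != crc:
            return "header-only"          # chunk checksum mismatch
        seen.append(ctype)
        if ctype == b"IDAT":
            idat += data
        if ctype == b"IEND":
            break
        pos = end + 4
    if not seen or seen[0] != b"IHDR" or seen[-1] != b"IEND":
        return "header-only"              # chunk order is wrong or file is cut short
    try:
        zlib.decompress(idat)             # the "does it load" step
    except zlib.error:
        return "header-only"
    return "valid-png"
```

A blob that only carries the 8-byte signature in front of opaque bytes passes the header test and fails the structural one, which is the distinction the reply draws.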