• Kayn
    link
    fedilink
    English
    41 year ago

    What is Google gonna get from encrypted HTTPS requests that they don’t already get from the associated DNS requests?

    • @pandacoder
      link
      English
      11 year ago

      A more granular view of your actual traffic/usage habits.

      Let’s say a page you visit embeds a Tweet, you’ll end up firing off a DNS request for twitter.com, and at least one request to load data from Twitter.

      Now let’s say you actually use Twitter. The DNS request will be the same, and you will have many requests to Twitter to load data.

      In both situations a DNS request is sent off, so the DNS provider knows you probably loaded something but they are going to have a harder time understanding if you are a Twitter user or if you are just frequenting a website with Twitter embeds. However the network provider that can see to what servers the HTTPS request for data are going will see just how often you are actually connecting to Twitter and the size of the transferred data and can build an incomplete but still far more detailed picture of your habits, and they would be able to tell the difference between an only-embed viewer and a regular Twitter user.

      Additional dystopian future possibility:

      Also, for anyone with objectively nefarious future goals, even if the data is encrypted, if one day we are indeed able to break encryption en masse the DNS provider can’t decrypt data they don’t have but the network provider definitely could.