You're correct - TLS / SSL operate above the IP layer, so they know which servers you're talking to, when and approximately how much, and if they can see your DNS requests it makes it that much easier to know which sites that maps to. TLS stops them from seeing the actual data you're sending them (like passwords), which pages you're viewing, and it also prevents them from manipulating the data (unless they've subverted the PKI, like if your company laptop has a certificate installed that trusts your company VPN, your company VPN can do a man-in-the-middle attack to subvert TLS).
By looking at side-channel data it was possible to correlate the page being viewed on SSL; IIRC, researchers could calculate the page viewed about 70% of the time.
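An added example, not part of the original answer: a site owner's audit of the size side channel described above, showing which pages produce a transfer-size pattern that no other page shares. The page paths, byte counts and the `granularity` parameter are constructed assumptions, and TLS record overhead is treated as negligible.

```python
from collections import defaultdict

# Constructed sample data: response sizes in bytes for the resources each page
# of a hypothetical site loads. Paths and sizes are made up for illustration.
PAGES = {
    "/login":    [4200, 18100, 950],
    "/account":  [7300, 18100, 22400, 950],
    "/help":     [12790, 18100, 3100],
    "/help/faq": [12650, 18100, 3090],
}


def size_signature(sizes, granularity=1):
    """Return what an on-path observer can derive from ciphertext lengths alone.

    The signature is the sorted list of transfer sizes, each rounded up to a
    multiple of `granularity` bytes. granularity=1 models exact lengths;
    larger values model coarse measurement or length padding (assumption).
    """
    return tuple(sorted(-(-s // granularity) * granularity for s in sizes))


def anonymity_sets(pages, granularity=1):
    """Group pages with identical signatures, i.e. pages that look the same."""
    groups = defaultdict(list)
    for path, sizes in pages.items():
        groups[size_signature(sizes, granularity)].append(path)
    return sorted(sorted(group) for group in groups.values())


def uniquely_identifiable(pages, granularity=1):
    """Return pages whose size signature matches no other page on the site."""
    sets = anonymity_sets(pages, granularity)
    return sorted(group[0] for group in sets if len(group) == 1)


if __name__ == "__main__":
    for g in (1, 256):
        print(f"granularity={g}: identifiable by size ->",
              uniquely_identifiable(PAGES, g))
```

With exact lengths every page in the sample is distinguishable even though its content is encrypted; at 256-byte resolution the two help pages collapse into one group.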