[LINK] https/metadata
Bernard Robertson-Dunn
brd at iimetro.com.au
Tue Dec 6 16:17:00 AEDT 2016
Thanks for the info so far. I'd forgotten the mobile device use case,
thanks Roger.
Unpacking the question a bit & differentiating between privacy and security.
If I go to www.nastysite.com and use https my interactions would be
secure but not necessarily private - the metadata (along with the DNS
query) would show that I'd visited www.nastysite.com. The authorities
would need to ask the website owner what I'd been doing.
If I went to google.com.au, it redirects to https. The authorities would
need to ask google what I'd been searching for. Google is quite good at
tracking specific computers through technology footprints and working
with the authorities and correlating query times they could quite easily
find out what queries had come from a specific machine, even if the user
hadn't logged on to google.
A VPN would help in this case because the authorities would not know
what sites I'd visited, at least not from looking at the user computer
to VPN node channel.
This is all very similar to the data de/re-identification problem in
that they are both more difficult than would appear, especially from
simplistic explanations.. I'm trying to work my way through
understanding both a bit better.
Thanks for the help.
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web: www.drbrd.com
web: www.problemsfirst.com
Blog: www.problemsfirst.com/blog
More information about the Link
mailing list