
Comment by grey-area

11 years ago

Is there any reason why I would want to use https for this use case?

Yes, it can help you stop:

ISPs inserting adverts into your content (this has happened)

Governments censoring your content or rewriting it

Governments putting people in jail for reading your publicly available (in your country) content, which is illegal in theirs

People impersonating your website

But if you don't want to use it, that's cool too. I suspect all websites will be encrypted at some point soon though; the disadvantages are getting less and less important.

>Governments putting people in jail for reading your publicly available (in your country) content, which is illegal in theirs //

How does that work? Surely the gov can still see people accessing the information by monitoring network traffic, and the info itself is still public. HTTPS doesn't encrypt the actual request traffic, does it? And in any case the gov would still see which server the traffic is going to unless you're using something like Tor [and possibly still then].

  • HTTPS does encrypt both request and response.

    However, you can figure out what pages on a large public site like Wikipedia people are reading over HTTPS, based on statistical traffic analysis, because you can see the size of the request, page, and each of the images. Combined with link following analysis, you can make a fairly accurate guess as to what people are reading.

    • I believe that the combination of HTTP/2 and TLS length-hiding makes that attack impractical. Though admittedly we're still years away from widespread deployment of those two technologies.

  • There's a difference between

    "User X browses Wikipedia"

    and

    "User X browses Wikipedia articles about topics A, B, C"

    where topics A, B, C could be anything user X doesn't want people recording them reading about: for instance, various political articles, articles about mental illness, articles about LGBT issues, etc. Fill in the blanks.

    • I use this example myself quite a bit, although we've also got to figure out the distinguishability from page sizes issue. Different Wikipedia pages are different sizes, and they're still different sizes when they're encrypted.

      One interesting idea I heard from someone recently is tuning compression so that you target a small number of total page sizes -- rather than padding to expand pages to the same sizes, just don't compress them all quite as well as you could have.

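Added example, not part of the thread: a site operator's check of how many pages an on-path observer can single out by encrypted response size alone, before and after every response is raised to one of a small number of target sizes as the last comment suggests. The page names, byte counts, the 16 KiB starting bucket and the doubling ratio are constructed assumptions, and rounding up to a bucket ceiling stands in for either padding or deliberately weaker compression.

```python
from collections import Counter

# Constructed sample: compressed response sizes in bytes for hypothetical articles.
PAGES = {
    "article_a": 18_412,
    "article_b": 18_977,
    "article_c": 23_050,
    "article_d": 31_644,
    "article_e": 32_001,
    "article_f": 47_903,
    "article_g": 61_230,
    "article_h": 64_500,
}

def geometric_buckets(smallest, largest, ratio):
    """Bucket ceilings growing by `ratio` until one covers `largest`."""
    buckets, ceiling = [], smallest
    while ceiling < largest:
        buckets.append(ceiling)
        ceiling = int(ceiling * ratio)
    buckets.append(ceiling)
    return buckets

def bucketed(size, buckets):
    """Size the observer sees once the response is raised to its bucket ceiling."""
    return next(b for b in buckets if b >= size)

def anonymity_sets(observed):
    """Map each page to the number of pages sharing its observed size."""
    counts = Counter(observed.values())
    return {page: counts[size] for page, size in observed.items()}

def uniquely_identifiable(observed):
    """Pages whose observed size matches no other page."""
    return sorted(p for p, n in anonymity_sets(observed).items() if n == 1)

def overhead(raw, observed):
    """Extra bytes sent, as a fraction of the original total."""
    return (sum(observed.values()) - sum(raw.values())) / sum(raw.values())

# Assumed policy: ceilings start at 16 KiB and double (hypothetical values).
BUCKETS = geometric_buckets(16_384, max(PAGES.values()), 2)
PADDED = {page: bucketed(size, BUCKETS) for page, size in PAGES.items()}

if __name__ == "__main__":
    print("unique by raw size:  ", uniquely_identifiable(PAGES))
    print("unique after buckets:", uniquely_identifiable(PADDED))
    print("anonymity sets:      ", anonymity_sets(PADDED))
    print(f"bandwidth overhead:   {overhead(PAGES, PADDED):.1%}")
```

The same measurement run over a real site's size distribution shows the trade-off directly: fewer, wider buckets enlarge the anonymity sets and raise the bandwidth overhead.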