-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/29/2012 04:01 PM, David J. Weller-Fahy wrote:
> * Christopher Howard <christopher.howard@frigidcode.com>
> [2012-02-29 15:18 -0500]:
>> Hey guys, I wrote a brief online article attempting to explain
>> the basic concepts and technologies involved in Web browsing
>> privacy:
>
>> https://frigidcode.com/articles/the-basics-of-web-browsing-privacy.shtml
>
>> I know some of you have a lot more networking savvy than I do,
>> so I was hoping you might point out any technical inaccuracies or
>> obvious omissions.
>
> I like the article! A few thoughts:
>
> 1) In "Masking Origin" perhaps some talk of traffic analysis and
> why proxy services which do not run on your machine would be
> ineffective (i.e., anonymizer.com doesn't do the job, really).
Thanks for the response! Regarding this point, can you clarify what
you mean? Are you referring to someone doing traffic analysis of
output from the proxy service (and comparing it with yours)?
I've never used anonymizer myself, of course, but it's basically a vpn
into a proxy service, right?
>
> 2) In "Securing Content", perhaps a one to two sentence view on
> MITM and why TLS has to go with not ignoring certificate errors!
> ;)
Thanks, I'll give that some thought. To be honest, the situation out
there with misconfigured certificates is so bad that I'm not quite
sure what to say. Besides the self-signed certs (which includes some
of my own Web sites) there are the folks with completely mismatched
certs (from their hosting service or content-delivery), the servers
with missing sub-domain certs, expired certs, "secure." certs,
untrusted certs, and perhaps a few I'm forgetting to mention.
Sigh... we've almost completely failed to implement the vision the
creators of SSL originally had in mind. It was never meant to be
special security protocol reserved for processing credit card
transactions or making elite Web sites look "safe". It was supposed to
be an added security layer underlying the whole Internet, giving
everyone the benefit of encryption and authentication over untrusted
networks.
>
> I found it to be a very nice read without those two things, but
> figured they would add a little breadth without too much
> complexity. A very nice read, thanks!
>
Thanks again!
- --
frigidcode.com
indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPTtT2AAoJEI2DxlFxTtgd3/MH/3NgVVPJ5t2G837oKlCrO3JL
s9xKqQXriunQ3d0bRIYIgyAltiKIz0DO2daUsbmK+E9KMhnTkPTyDCvLzxgJN6cs
PFJlRPgfL2WwsqG0qPEqmMTeiPa8aRX1h6uiBC7wZt5JQGY+GM56cLV4dpcZCOcD
M1o0dJw3cXhCxGj9RXhw3t1WRlYKo3WhRladLQMF6GCJ+lwdgkfVP1REZDUMom95
gSZ2CiKr2qF8xJJUQFAo4mFokthNzugODDEhsQBZyRNYauC3X1edKpUxqDe/S1nJ
igyY0Zo0dST54fj7QiSQAMQxR8EtIjZTkx5zmjFTWrLN4Zg6GLJyX7gXCehJojQ=
=1Otv
-----END PGP SIGNATURE-----
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Feb 29 16:44:27 2012
This archive was generated by hypermail 2.1.8 : Wed Feb 29 2012 - 16:44:27 AKST