by cmdrfred 3391 days ago
May I add an example? Let's say you are a drug company and you offer a number of different drugs. With TLS I only know that you are interested in a drug that company produces or the company itself; without it I know you or someone you care about has erectile dysfunction.

No, that is not all an attacker could know. TLS does not provide confidentiality of the number of bytes transmitted. So in your example an attacker would only have to crawl the public website and find the pages matching in size to the ones you have been browsing.
There are web server modules that will append random-length comments to the end of a page's HTML in order to foil this kind of attack.

https://github.com/nulab/nginx-length-hiding-filter-module

Cookies, user-agent header, and keep-alives will make that very hard to figure out.
Couldn't this be thwarted by injecting random bytes into each page served to vary the file sizes?
Good point, I hadn't considered that.
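
The random-length padding discussed in this thread, as an added example that is not part of any comment above and is not the linked module's code: it pads a page with a random-length HTML comment and measures how often a page's length still identifies it uniquely. The page sizes, the comment wrapper, and all function names are constructed assumptions, and the model treats the observed length as the exact body length (no compression or TLS record overhead).

```python
import secrets
import string

# Constructed sample data: body sizes in bytes for a hypothetical site.
PAGE_SIZES = {
    "/drugs/a": 18432,
    "/drugs/b": 18440,
    "/drugs/c": 18950,
    "/about": 9120,
    "/contact": 21977,
}

PREFIX, SUFFIX = b"<!-- pad: ", b" -->"  # assumed wrapper, not the module's format
OVERHEAD = len(PREFIX) + len(SUFFIX)
ALPHABET = string.ascii_letters + string.digits


def pad_html(body: bytes, max_pad: int) -> bytes:
    """Append an HTML comment holding 1..max_pad random characters."""
    n = secrets.randbelow(max_pad) + 1
    filler = "".join(secrets.choice(ALPHABET) for _ in range(n))
    return body + PREFIX + filler.encode("ascii") + SUFFIX


def consistent_pages(observed: int, sizes: dict, max_pad: int) -> list:
    """Pages whose served length could equal `observed`.

    max_pad == 0 models a server without padding (exact length match).
    """
    if max_pad == 0:
        return sorted(p for p, s in sizes.items() if s == observed)
    return sorted(
        p for p, s in sizes.items()
        if s + OVERHEAD + 1 <= observed <= s + OVERHEAD + max_pad
    )


def unique_fraction(path: str, sizes: dict, max_pad: int) -> float:
    """Fraction of pad lengths for which `path` is the only consistent page."""
    base = sizes[path] + OVERHEAD
    hits = sum(
        consistent_pages(base + n, sizes, max_pad) == [path]
        for n in range(1, max_pad + 1)
    )
    return hits / max_pad
```

With these sizes, a page whose length sits more than the padding range away from every other page stays uniquely identifiable, so the range has to be chosen against the site's own size distribution.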