|
|
|
|
|
|
by mhkool
1871 days ago
|
|
|
Thanks for the pointers. The coverage is calculated by DNS servers and web proxies and can only be incorrect if circumvented. The web proxies are almost all in corporate environments where they cannot be circumvented. Only a tiny fraction of HTTPS uses a TLS1.3 extension to encrypt the FQDN of the web server - the rest of the HTTPS traffic can be monitored. |
|
|
Snooping TLS to get FQDNs gives you only hostnames, not full URLs.
Over 50% of the top million web sites automatically redirect visitors to HTTPS. Any URLs can only be read if you can install software or your own certificate on each monitored endpoint.