|
|
|
|
|
|
by gomes33
1318 days ago
|
|
|
Thanks for your feedback mtmail Just to brainstorm: Would they buy advertising results via vendors, e.g. https://developers.google.com/third-party-ads/googleads-vend...? Or/And approach popular browser extensions; popular plugins with an offer to buy data, via GA or other tools? Regarding ISP's, currently with SSL, i don't see how they do it unless the ISP's are using a man-in-the-middle HTTPS proxy against websites with non-pinned SSL certificates - but that is ilegal, correct? So, i'm still puzzled |
|
|
You're right with ISPs. These days they'd only be able to see the domain name. That part of the HTTP header is unencrypted. Man-in-the-middle won't work, as you said, due to certificate pinning.