|
|
|
|
|
|
by Someone1234
4332 days ago
|
|
|
That's a nice concept, but even with HTTPS the GET string is often leaked (e.g. referrer strings, tracking URLs (like Google's prior to this)). It is technically encrypted in HTTPS traffic but it isn't treated with very much respect so if you actually have access to all of the HTTP and DNS traffic surrounding a request you can often recover pages viewed. Additionally, in a lot of these countries computers come pre-installed with a government root CA which they can use to impersonate sites like Wikipedia (although the USG does this too!). |
|
|
"A user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring page was received with a secure protocol." http://tools.ietf.org/html/rfc7231#section-5.5.2
and that's how browsers implement it too.
DNS doesn't give the page you were on. Whilst some systems might have a government root CA on it, it's still quite possible to remove that - it's pratically impossible to remove ISP level monitoring.