|
|
|
|
|
|
by quonn
4026 days ago
|
|
|
His argument is mostly based on analysing the size of the data transferred. Let's assume HTTP/2 for the moment. You have a single encrypted channel to a particular website that contains multiple interleaved opaque streams. It's not easily possible to extract the exact size of a single request from this. Furthermore, for a typical news website, for example, there will be an huge number of pages, they are dynamic and constantly changing and they will all have a very similar size. You do get privacy. If anyone claims otherwise, he should go and prove that it's possible and easy by providing a firesheep-like tool. It would make for a nice research paper. |
|
|