Dnia 10.01.2022 o godz. 13:44:56 Łukasz Wąsikowski pisze: > > I can think of many cases where information about which site you are > visiting is important, even if there is nothing private on those > sites. > > Do you want your ISP to sell your health insurance company > information that you are visiting sites about fighting cancer? > > Do you want others to know that you are visiting sites about mental > health issues? > > Do you want others to know your preferences about politic, religion, > sex, health or whatever? This kind of sensitive data can be > collected just by looking on sites you are visiting. So yeah, > encryption is important, even for public stuff.
All this is metadata, not the site content itself. Encryption of the actual site content does not protect you from collecting metadata by your ISP. Metadata can be collected even if you use HTTPS, just by logging your DNS requests or IP addresses you are connecting to. Similarly, even if you send an end-to-end encrypted email (using PGP or similar), it doesn't prevent the mail server operators from knowing that you did send the message and whom did you send it to, even if they don't know the content. If you want to protect yourself from collecting metadata, you have to encrypt all your traffic, not just payload of the Web traffic (which HTTPS does). In other words, you have to use solutions like Tor or a trusted VPN provider that won't spy on you and sell your metadata. And you are right with regard to the fact that metadata is often more important in "spying" on the individual than the actual data transmitted; but simple solutions like HTTPS don't protect you from metadata being collected. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
