>>>>> Ammar Salih <ammar.sa...@auis.edu.iq> writes:
>> There are LOTS of ISPs between the client and the destination. Most
>> of these can get nothing about your location.
> They can get much more! trust me, the point is that if you don't
> trust the ISP then you should be worried about all your un-encrypted
> traffic, not only location.
> Anythink you write on facebook for example *if you don't use https*
> can be easily detected, including location tags, relationships,
> activities, wall posts, friends ... and much more, all your http
> traffic, including documents you read, messages, usernames,
> passwords, bank accounts ...etc.
That's precisely the reason to never, ever consider plain,
un-encrypted HTTP for anything that requires authentication. To
note is that the majority of sites don't allow logins over plain
HTTP, and I've never seen a bank providing access to one's
account over plain HTTP.
Once again, in the typical case, there're way too many networks
between you and the service you use to trust them all.
The same applies to the non-TLS (non-SSL) versions of the other
protocols, such as IMAP or XMPP, just as well.
> One last point, is that your current IP address reflects your
> location, I can simply do ip lookup and find out your location.
It's not actually as simple as it may seem, as long as the
possibility of a tunnel (VPN) is considered.
Such tunnels is also a reason why it isn't sensible for an ISP
to validate or provide geolocation information within the
traffic routed.
> Would that be also considered as privacy breach?
Yes. This is why one may occasionally want to relay one's
traffic via Tor [1].
[1] https://www.torproject.org/
--
FSF associate member #7257
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
