Web monitoring in the limelight: Debate on balancing privacy and safety
In a recent analysis, we delved into the intricacies of HTTPS, the technology that secures your online browsing by encrypting the connection.
HTTPS, an acronym for HTTP Secure, essentially locks down your web browsing with end-to-end encryption to protect you from unwarranted surveillance and interference. This security measure is vital in today's online world, where the unsecured HTTP could expose your data as it travels across the internet.
At the heart of HTTPS is Transport Layer Security (TLS), a protocol that transforms unencrypted network connections into secure, encrypted tunnels. TLS takes raw, unencrypted data and encrypts it en route, ensuring that it remains confidential throughout the journey. Once the data reaches its destination, the encryption is discarded, and the underlying content is delivered.
This works because HTTPS still uses ordinary HTTP requests and responses between the browser and the server; they are simply carried inside the encrypted tunnel, so anyone on the path between the two sees only ciphertext. In essence, the leg of the connection between the browser and the server enjoys end-to-end encryption.
It is essential to understand that HTTPS secures the transportation of data, offering confidentiality and protection against manipulation. However, it does not serve as a check against malicious content, as it lacks the capability to vet or validate the original data it transports.
For instance, if a web server sends malware disguised as a legitimate app, HTTPS will not detect or warn you about this malicious content. Similarly, it cannot identify and deter fake news or phishing sites. Instead, it handles data that has already been generated and sent out, preserving it untouched for transmission.
This raises the question of how web filters work when most of the browsing traffic passing through them is encrypted, appearing as pseudo-random, scrambled data. If the data is inscrutable en route, how can security software protect users from unwanted content proactively?
The answer lies in TLS's role as a protector, not just an encryptor. TLS aims to ensure not only that the data was encrypted during its journey but also that it originated from the site you intended to visit. This verification is crucial, as it helps prevent bogus servers from impersonating legitimate sites and serving modified or malicious content.
Web filters typically rely on the parts of a TLS connection that are visible without decrypting it. For example, they can read the Server Name Indication (SNI), which names the site you want to visit, or they can maintain a list of trusted certificate authorities (CAs) that vouch for the legitimacy of a site's certificate. If these checks fail, the browser will provide a warning and refuse to proceed.
However, those legitimacy checks can still be subverted by anyone determined to get around HTTPS. Groups with legitimate or questionable intentions alike, such as IT departments, governments, and cybercriminals, may employ various methods to bypass HTTPS encrypted tunnels.
These groups can intercept or co-opt existing root Certificate Authorities (CAs) to sign bogus certificates, steal or co-opt legitimate organizations' private keys, or compel users to add trusted root CAs to their computers, effectively rendering their traffic vulnerable to attack.
In mitigation, users can avoid installing add-on trusted CAs except under specific circumstances, learn how to review the CAs their computer trusts and how to read the certificate warnings their browser raises, scrutinize certificate signing chains, and communicate with their IT departments for guidance on web filtering practices. This vigilance and understanding can help protect users from falling prey to cybercriminals who exploit web filtering loopholes.
TLS, a crucial component of HTTPS, not only encrypts data during its journey but also verifies that it originated from the intended site, thereby preventing impostor servers from serving modified or malicious content.
Web filters employ strategies like analyzing Server Name Indication (SNI) or maintaining lists of trusted certificate authorities (CAs) to inspect encrypted traffic, but cybercriminals can bypass these measures by intercepting or co-opting root Certificate Authorities (CAs) or stealing private keys.