On Mon, Dec 8, 2014 at 8:09 PM, Mark Nottingham <mnot@mnot.net> wrote: > If so, I've had similar misgivings -- backed up by conversations with Balachander Krishnamurthy at AT&T, who said that it would have been much harder for them to find how pervasive cookie tracking was had everything been encrypted <http://www.sigcomm.org/ccr/papers/2010/January/1672308.1672328>. That's a bit hard to swallow, given http://www.washingtonpost.com/business/technology/verizon-atandt-tracking-their-users-with-super-cookies/2014/11/03/7bbbf382-6395-11e4-bb14-4cfea1e742d5_story.html > When I talk to browser folks about this, they say that you can still install a CA to observe traffic, or look at the console / dev tools, etc. I think that's a reasonable answer, but one that needs better tools available to foster this kind of research. A full powered debugger built into the browser, plus all the various extension and add-on APIs, give users and researchers tons of power. Yes, DPI/HTTPS proxying will require the proxy/wiretapper to install a trust anchor on the client machine — i.e. to visibly take administrative control over the client machine — and that is most certainly a user safety feature, not a bug.Received on Tuesday, 9 December 2014 18:37:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:08 UTC