SSL and hostname privacy

The GOP’s craven selling-out of user privacy to ISPs has me wondering, just how private is the modern web?

Only sort of private. HTTPS Everywhere is working; at this point I’m surprised if a site doesn’t support SSL. So the contents of web requests and replies are encrypted. Of course the IP address of who you’re talking to is not protected. But the hostname is also in cleartext; your ISP can see that you are specifically visiting eff.org or nelsonslog.wordpress.com. This is true both in HTTP/1.1 and HTTP/2.0.

Really the hostname is being exposed by SSL/TLS itself, in the Server Name Indication. The SNI is the way a single server can serve multiple web domains; it’s virtual hosting for SSL. The client initiates a connection and sends in cleartext “I’m trying to talk to eff.org”. The server responds by negotiating a connection using eff.org’s certificate. (The hostname may also appear in the request as a Host header, but I believe that’s encrypted.)

Why not encrypt the hostname in SNI? Who do you encrypt it for? SSL is as much about verifying server identity as it is about encrypting the traffic, so the protocol starts with the client asking for a specific identity to set up the encryption. I think the hostname could be encrypted in the handshake with a second encryption channel, but I haven’t thought hard about it. And I have no idea how hard it would be to implement in practice, much less get adopted.

Note that HTTP/2.0 doesn’t do anything new about hostnames; it just uses TLS 1.2. The HTTP/2.0 spec mandates SNI support and that the client use it to specify the destination host.

Outside HTTP, your DNS hostname queries are also being sent in plaintext. So your ISP could snoop (or hijack) those. Thanks to Tom Jennings for pointing this out to me. In theory DNSSEC or DNSCrypt or something like Dingo could protect against this; maybe now’s the time to get serious about deployment.

While I’m here, a lot of discussion yesterday was along the lines of “well time to use a VPN”. But VPNs don’t really solve the problem and introduce lots of new problems on their own. I only like them when you’re in a hotel with a shitty network or you need a specific private intranet connection.

It’s really a shame IPsec failed.

3 thoughts on “SSL and hostname privacy”

  1. The point about DNS being plain and easily snoopable is a great one. Most folks just use the DNS server provided by the ISP, so it’s even easier to log and track. And incognito browsing doesn’t help you at all here.

    Been wondering how Tor fits in with all this too.

  2. Does someone other than OpenDNS actually use DNSCrypt? The google people sound lukewarm at best here:

    https://groups.google.com/forum/#!topic/public-dns-discuss/rmZTtPAV430

    One of the main reasons I keep a local dns resolver utility that can forward to google dns-over-https around on my laptop is that public wifi spots sometimes use content filtering based on DNS-hijacking/rewriting and the filters are, like all such filters, stupid and full of false positives. The technology is invariably provided by OpenDNS. It makes me (perhaps unfairly?) rather dubious of DNSCrypt.

    1. I’ve only seen DNSCrypt from OpenDNS. It looks like they’ve at least sort of tried to make it an open standard though, at least after two minutes reading.

      OpenDNS is terrible. Their philosophy is antithetical to correct DNS, and their product implementation breaks DNS in many significant ways. I think the Google DNS-over-HTTPS using a resolver like Dingo is a better idea, thanks for suggesting it.
