Reason to block carrier caching/compressing http
I would compare sending http to sending a postcard by courier. If the courier duplicates the postcard and keeps a copy, that is considered an aggressive act. This is what happens when a carrier duplicates https and caches it. If you need to cache http, you have your browser's own cache. If someone pays the mailman to read and report on the contents of every postcard leaving a certain mailbox, that is a serious aggressive act. This is what happens when "advertising partners" of carriers, or the cops/FBI, either pay for or simply demand contents from carriers. They could theoretically compress http on the fly without storing or logging, but doing this requires rerouting traffic through a server to do this: a server that could keep a "pen register" of your entire surfing history or even keyword search the contents of your work. For that matter, such a server could be hooked into PRISM or another such program.
There is a way to clear a carrier cache so you can forcibly reload a changed page: break and remake your connection to them. Other than that, never connect by http to any site offering https. That goes double for logins.
There is only one defense against deep packet inspection: https or other modes of encryption. Unlike image compression, this does not require client side code. Compression of https, which requires decryption and re-encryption, HAS been done by carriers, but only by using special browsers that are preset to accept their ssl certificate instead of the original one. Firefox, etc. will complain if they get a Verizon or AT&T certificate when loading, say, Hushmail. When using self-signed HTTPS sites (like many activist sites) by wireless carrier, you must check the certificate to ensure your carrier hasn't attempted a "man in the middle attack." This is because Firefox will already be popping up the "invalid certificate" warning, so you must actually read the certificate to ensure it does not suddenly come from your carrier. Best to store known good self-signed certificates. As for online banking/shopping, don't do that at all. To trust those requires betting that the hacker who wrote the bank's security software is a better hacker than the guy working at your carrier who is supplementing his income by intercepting online banking credentials.
Yes, I do in fact regard using the Internet at all as engaging in electronic warfare with those who would use electronic means to do you harm. Do not do so where you cannot afford to take losses, and never "bareback the network!" In fact, I would compare all carriers and the entire Internet backbone to a sexual partner who you don't want to dump but who shows obvious signs of multiple infections. Never trust the network; wrap it up in all the encryption and privacy protection the site you are working can handle!
Originally posted by erendorn
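The advice above to store known good self-signed certificates and compare them on later visits can be scripted; this is an added example and not part of the original post. The pin file name, the host name and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import json
import ssl
from pathlib import Path

PIN_FILE = Path("known_good_certs.json")  # hypothetical pin store location


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch whatever certificate the network presents, without validating it.
    A self-signed certificate fails CA validation anyway; the pin is the check."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_pin(host: str, der: bytes, pins: dict) -> str:
    """Compare a presented certificate with the stored known-good one.
    Returns 'pinned' (first sight), 'match', or 'MISMATCH'."""
    seen = fingerprint(der)
    known = pins.get(host)
    if known is None:
        pins[host] = seen  # trust on first use: record it over a network you trust
        return "pinned"
    return "match" if known == seen else "MISMATCH"  # a mismatch never overwrites the pin


def load_pins(path: Path = PIN_FILE) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def save_pins(pins: dict, path: Path = PIN_FILE) -> None:
    path.write_text(json.dumps(pins, indent=2, sort_keys=True))


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes so the demo runs offline;
    # on a live connection use fetch_der(host) instead.
    site_cert = b"constructed-self-signed-cert-for-example.invalid"
    proxy_cert = b"constructed-cert-substituted-by-intercepting-proxy"
    pins = {}
    print(check_pin("example.invalid", site_cert, pins))   # first visit
    print(check_pin("example.invalid", site_cert, pins))   # later visit, same cert
    print(check_pin("example.invalid", proxy_cert, pins))  # substituted cert
```

A `MISMATCH` means the certificate on the wire is not the one recorded earlier, which is the condition the post says to look for before clicking through the browser warning.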