252
What the hell Proton! (r.nf)
submitted 10 hours ago by King@r.nf to c/technology@lemmy.world
90 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments
[-] asdfasdfasdf@lemmy.world 29 points 8 hours ago* (last edited 8 hours ago)

How is DPI a problem if it's encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?

[-] henfredemars@infosec.pub 26 points 7 hours ago

I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.

[-] catloaf@lemm.ee 20 points 6 hours ago* (last edited 6 hours ago)

True, but this is generally not useful information to anyone. They can see you're visiting bank.com, but they still can't see your bank details.

It might be useful if they're trying to target you for phishing, but a targeted attack is extremely unlikely.

Also, any wireless equipment from the past 15 years or so supports client isolation.

[-] groet@feddit.org 3 points 3 hours ago

Client isolation doesn't help. That is just the access point not routing traffic between connected devices. The problem with WiFi is it is a radio signal. Everybody in range can receive 100% of all communication on that network. Just by being in range the attacker can do passive sniffing. No wiretap needed like with cabled networks.

WiFi is encryoed if it uses a password. So any public WiFi without a password can be sniffed by literally every device in range (no need to connect to the WiFi for sniffing). On public WiFi with a password, the radio signal is encrypted but everybody knows the encryption key. So everybody connected to the WiFi can still sniff the traffic of everybody else.

That encryption is only on the WiFi level, so encrypted radio signals, not on the actually traffic level (like TLS/HTTPS etc).

[-] orange@communick.news 12 points 7 hours ago* (last edited 7 hours ago)

I think it might be confusion between inspecting plaintext metadata like SNI vs actually inspecting encrypted contents (e.g. HTTPS content, headers, etc.).

[-] Dark_Arc@social.packetloss.gg 8 points 7 hours ago

Yeah, deep packet inspection really doesn't work without breaking https security via man in the middling everything.

this post was submitted on 06 Oct 2024
252 points (87.5% liked)

Technology

58492 readers
3900 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world