I would just assume at this point that anything you do on the internet is tied to you, stored, and available for others (someone, somewhere) to see. Sending data via HTTP is like sending snail...
I would just assume at this point that anything you do on the internet is tied to you, stored, and available for others (someone, somewhere) to see.
Sending data via HTTP is like sending snail mail in see-through envelopes. HTTPS only gives an illusion of privacy as the NSA (and I'm sure other initialisms) suck up nearly all web traffic and likely have SSL certificates for big websites, so they can replay and decrypt anything you've done. They also set up "man-in-the-middle" attacks and sometimes they just get a court order for the SSL-key (see lavabit below).
I would just assume at this point that anything you do on the internet is tied to you, stored, and available for others (someone, somewhere) to see.
Sending data via HTTP is like sending snail mail in see-through envelopes. HTTPS only gives an illusion of privacy as the NSA (and I'm sure other initialisms) suck up nearly all web traffic and likely have SSL certificates for big websites, so they can replay and decrypt anything you've done. They also set up "man-in-the-middle" attacks and sometimes they just get a court order for the SSL-key (see lavabit below).
Sources:
https://www.wired.com/2013/10/lavabit_unsealed/
https://en.wikipedia.org/wiki/Room_641A
https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/
https://static1.businessinsider.com/new-snowden-documents-detail-how-nsa-can-bypass-common-internet-encryption-2013-9
https://www.reuters.com/article/net-us-usa-security-snowden-encryption-idUSBRE98413720130905
https://www.cnet.com/news/nsa-disguised-itself-as-google-to-spy-say-reports/
https://en.wikipedia.org/wiki/Utah_Data_Center