The government's massive surveillance programme, unveiled by Snowden, is still rife, and the issue of Internet user privacy has been put on the table again and again. And for privacy and network behavior security is listening to the insider, some people think that the SSL protocol encryption communication, so they will be safe. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" https "src=" for user privacy disclosure http:// S4.51cto.com/wyfs02/m01/23/13/wkiom1mw4wmsh3lpaaa7fgxxhts330.jpg "Width=" 440 "height="/> Of course, here we want to say, If you really care about your privacy and mind if it leaks, you can change your surfing habits appropriately instead of believing that using HTTPS to replace HTTP will ensure the security of your network behavior. HTTPS, of course, can be used to run an online store or E-commerce site, but it cannot be a so-called privacy protection tool. Researchers in the United States conducted a traffic analysis of 10 Web sites with extensive use of HTTPS and found that the disclosure of personal data was still visible, involving personal health care, finance, legal affairs and sexual orientation. Researchers at the University of California, Berkeley, Bradmiller, A. D. Joseph and J. D. Tygar and researchers at the Huangling lab, together in an article called "HTTPS traffic analysis--Why do you go to the clinic", the article says that HTTPS, as a Web transmission encryption protocol, is still very easy to conduct traffic analysis. Because this kind of recording analysis is similar to the "word bag" approach, the researchers refer to an analytical method called Bag-of-gaussians (BoG). "We use cluster technology to identify traffic patterns, and then use the Gaussian distribution to identify each cluster with similar traffic, further mapping the individual case behavior we need to analyze." "The researchers said. They also mentioned, "All analysis has at least two conditions, first, that the attacker must be able to access the same Web page as the victim, while allowing the attacker to identify different Web pages and traffic encryption patterns, and second, to be able to observe the victim's traffic and then compare it to the flow patterns previously known. "The test analysis of the study, including medical services, legal services, the financial industry and many other fields, even Netflix and YouTube are also in the ranks, the flow analysis of" attack "involving 10 sites nearly 6,000 personal pages, identify the same site on the various pages of the associated users, And compared with the users who have browsed this page, the accuracy reaches 89%. Earlier Snowden said, "encryption work, the correct implementation of the use of powerful encryption system, is one of the few ways you can rely on." Unfortunately for the NSA, however, terminal security is so fragile. "So technically, government agencies can be fully targeted at HTTPS traffic metadata for ISP monitoring, staff monitoring, so as to achieve their monitoring and" inspection "purposes. "Editorial Recommendations" https re-exploding vulnerabilities enterprise needs to upgrade TLS encryption algorithm default HTTPS encryption: Yahoo Mail finally enabled the "Responsible editor: Blue Rain Tears TEL: (010) 68476606" Original: HTTPS for user privacy leakage back to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
