Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is where the arguments start to get a bit silly. If the authorities are trying hard enough to find you and your phone is on, the network it is attached to can probably locate you very accurately under most conditions already.

HTTPS is useful, and it should normally be the default for web traffic potentially crossing any untrusted network, but let's keep it in perspective. It's an application layer protocol. It can't protect you against attacks at lower layers.



It's not authorities, anyone setting up a router can peek into this information, and more importantly, tamper with it.

Remember Upside-Down-Ternet? [1]

[1] http://www.ex-parrot.com/pete/upside-down-ternet.html


Right, which is why I said HTTPS should be the default for web traffic potentially crossing any untrusted network.

But who is going to set up a hostile router in an office of five people? Or in someone's home?


Google will put a router in a coffee shop and log everyone who walks by. :-)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: