
The only way they can do that is at the client level, not the network level. Whether it's running over a VPN or not, your traffic to Google is TLS, so you have an excellent guarantee that it's impossible to snoop on the contents of your HTTP requests at the network level.

However, you are using a Microsoft client and/or a Microsoft OS to do this - and of course, if they want to, Edge or even Windows itself can report on the input and output of any operation you make, regardless of any network security. Similarly, WhatsApp or Signal or iMessage or Android/iOS could send a copy of the plain text of any messages you send or receive to home base despite them being E2E encrypted on the wire. You always have to trust the device and client software you are using to access the internet.

So, if you personally don't trust Microsoft not to snoop on your traffic with Google, using Edge or Windows is completely wrong.




> your traffic to Google is TLS, so you have an excellent guarantee that it's impossible to snoop on the contents of your HTTP requests at the network level.

It’s definitely not impossible; MITM attacks work for TLS, and this is exactly how Cloudflare works (it MITMs TLS sites by terminating the tunnel and recreating it). TLS is only secure if you have pinned certs.


MITM for TLS only works if you have the cooperation of the server owner (like Cloudflare does, or illegally by stealing the server owner's private keys) or a malicious CA, or if you ignore the security errors that the browser offers.

Otherwise, TLS is completely impervious to MITM attacks as a protocol.

Of course, various implementations of TLS may also have exploitable vulnerabilities.


I’m not sure what you refuted here, you seem to have said exactly the same thing I did.
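Added example, not part of any comment in the thread: the pinning check the thread refers to, layered on top of normal CA validation so that a certificate issued by a different CA for the same name is rejected even though its chain validates. It pins the SHA-256 of the whole leaf certificate (not the SPKI); the function names, the `PinMismatch` exception and the sample byte strings are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server's certificate validated but is not one we pinned."""


def fingerprint(der_cert: bytes) -> str:
    """Base64 SHA-256 over the DER-encoded leaf certificate."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pins) -> bool:
    """True if the certificate's fingerprint equals any pinned value."""
    seen = fingerprint(der_cert)
    return any([hmac.compare_digest(seen, pin) for pin in pins])


def connect_pinned(host: str, pins, port: int = 443, timeout: float = 5.0):
    """Open a TLS connection that must pass CA validation AND the pin check."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay enabled
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise PinMismatch(f"{host}: certificate is not in the pin set")
    return tls


# Constructed stand-ins for DER bytes (not real certificates): the operator's
# certificate, and a different one a rogue CA could issue for the same name.
SAMPLE_GENUINE = b"constructed-der-bytes:example.test:issued-by-operator-ca"
SAMPLE_ROGUE = b"constructed-der-bytes:example.test:issued-by-other-ca"
SAMPLE_PINS = {fingerprint(SAMPLE_GENUINE)}
```

A leaf pin stops matching when the certificate is renewed, so a pin set normally carries the next certificate's fingerprint alongside the current one.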



