I need to take that back. It looks like modern implementations of HTTPS send normal HTTP (headers, body and all) over an encrypted connection and this *would* protect the requested URLs. The only thing a man-in-the-middle would know is that a connection has been made and possibly how many bytes of encrypted data had been sent/received.
It looks like I need to send an email to my Internet Programming professor. ;)
-Aaron
On Mon, Oct 3, 2011 at 3:44 PM, Steven Walling swalling@wikimedia.orgwrote:
On Mon, Oct 3, 2011 at 3:13 PM, Aaron Halfaker aaron.halfaker@gmail.comwrote:
HTTPS doesn't hide the URL of the pages you visit. Instead it hides the content of the page you requested (public) and the content you sent (public if it was an edit).
-Aaron
This is a good point, especially because I meant to send it to Communications Committee list, not RCOM. Too many committees in my contact list. ;)
-- Steven Walling Community Organizer at Wikimedia Foundation wikimediafoundation.org
RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l