[HTTPS-Everywhere] Intercepting proxy - Does SSL Observatory work?
Seth David Schoen
schoen at eff.org
Tue May 23 14:28:32 PDT 2017
Maciej Soltysiak writes:
> I'll explain my stance here. I am in the pilot because I'm curious
> about self defense in such situations. I realize close to 100% of
> userbase will have their endpoints controlled to the extent that they
> will not be able to do much about it.
>
> My curiosity here is: am I still able to detect eavesdropping or have
> I lost the game?
I don't think HTTPS Everywhere, including the Observatory feature, is a
helpful tool for you for this particular purpose. In the past there
have been some other cert-visualization tools like Cert Patrol that
might be more relevant.
You could also remove the proxy's root from your root certificate store
(or use a separate browser or browser instance that doesn't trust it);
then you would receive the normal browser warnings about intercepted
sessions.
You could also try to use some kind of Internet censorship circumvention
software to prevent your connections from being intercepted by the proxy
at all.
In some organizations that are strongly committed to monitoring users'
network activity, the third option (and possibly even the second option)
may get you in trouble with the organization.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the HTTPS-Everywhere
mailing list