
If I go to https://cats.tumblr.com/archive?x=y , what parts of that URL are leaked to the man-in-the-middle ISP? I know they'll see "tumblr", but will they also see

  • cats
  • archive
  • x
  • y

Also, if, for example, https://knowyourmeme.com uses an image stored on a separate URL ( https://i.kym-cdn.com/photos/images/original/002/185/700/4e8.png ), how much of that separate URL is exposed to the man in the middle? Just the kym-cdn? Or none of it, or what?

Lastly, is any significant information about the length of the URL exposed to the man-in-the-middle ISP?

chausies

1 Answer


Edited 1/20/2022, thanks to Synchro in the comments

  • The domain name https://this.part.here/not/this/part?or=this
  • and the hostname. Which can be found on unix systems inside /etc/hostname

The domain name is leaked to the ISP via the DNS request, and the hostname is leaked via SNI. Everything else is encrypted over TLS, including the request URL and accompanying query parameters. However, if you use DNS over HTTPS (DoH) or DNS over TLS (DoT), these problems can be mitigated. ECH is a recent addition to the TLS 1.3 spec that fixes the hostname problem and has been automatically enabled alongside Firefox DoH since 2018.

If you're curious what you're currently leaking, you can check out Firefox's website data integrity tool here

TLS 1.3 spec

HTTP over TLS spec

DNS spec

DNS over HTTPS spec

Ruby A. Rose