• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    49
    arrow-down
    1
    ·
    1 month ago

    I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      1
      ·
      edit-2
      1 month ago

      True, but this is generally not useful information to anyone. They can see you’re visiting bank.com, but they still can’t see your bank details.

      It might be useful if they’re trying to target you for phishing, but a targeted attack is extremely unlikely.

      Also, any wireless equipment from the past 15 years or so supports client isolation.

      • groet@feddit.org
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        1 month ago

        Client isolation doesn’t help. That is just the access point not routing traffic between connected devices. The problem with WiFi is it is a radio signal. Everybody in range can receive 100% of all communication on that network. Just by being in range the attacker can do passive sniffing. No wiretap needed like with cabled networks.

        WiFi is encryoed if it uses a password. So any public WiFi without a password can be sniffed by literally every device in range (no need to connect to the WiFi for sniffing). On public WiFi with a password, the radio signal is encrypted but everybody knows the encryption key. So everybody connected to the WiFi can still sniff the traffic of everybody else.

        That encryption is only on the WiFi level, so encrypted radio signals, not on the actually traffic level (like TLS/HTTPS etc).