HTTPS prevents passive monitoring at the application level, but there is
still nothing stopping the government from issuing a subpoena for the
webserver log files. They can still see what you're doing at the network
level, granted they can only see source and destination IPs and ports. With
enough analysis, some level of usage can be inferred.
Unless we want to turn off the access logs and remove any Google Analytics
tags, there are still ways for usage to be monitored and tracked. Unless
you always delete your browser history or use something like Chrome's
Incognito mode, your browser is tracking you too.
If Internet Archive has issues with HTTPS, it's easy enough to exclude them
from any URL rewriting so they can continue to harvest via HTTP.
On Sun, Nov 10, 2013 at 2:45 AM, Mitar <[log in to unmask]> wrote:
> Hi!
>
> On Wed, Nov 6, 2013 at 5:37 PM, Riley Childs <[log in to unmask]> wrote:
> > Why? HTTPS is used when there is sensitive data involved, code4lib.org(at least to my knowledge) does not have sensitive data?
>
> It is not just about the security of the users but privacy of the
> users as well. Internet Archive moved to HTTPS so that nobody could
> monitor what their users are accessing.
>
>
> Mitar
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
>
|