Hacker News new | past | comments | ask | show | jobs | submit login

The state could easily track who accesses that GitHub page, if they control the ISP.



That GitHub page in particular, versus any GitHub page? That'd involve a TLS break, no?


Just did some research, and you're right! TLS obscures the URL by default. I didn't know that.

Only nuance being that an attacker can draw conclusions about the length of the URL- which won't be very helpful on Github.


TLS alone is not sufficient. Fortunately, Github is also on the HSTS preload list.


> length of the URL

Also the length of the response, which is significantly more 'helpful', although probably not enough for a working attack unless you're willing to harrass a significant fraction of your intellectual workforce over false positives.


Yeah they need to hack or infiltrate Github, or get a warrant for your data.


Good thing Microsoft isn’t voluntarily in the PRISM progra-


Taking bets on "Microsoft was nudged into buying GitHub by one of the three letter clubs" being revealed one day


Especially in places like China where the Internet is heavily censored and Microsoft already has experience complying with the government's policies. https://www.wired.com/story/china-github-free-speech-covid-i...




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: