Tuesday, November 3, 2020

Question Regarding What Data ISPs Can See (HTTPS) and (HTTP)

Hello, I really need some help knowing something for sure. I've known for a while that ISPs can see the full URL of the website you are on if it's unencrypted, like "HTTP", whereas with an encrypted website such as "HTTPS" they can only see the domain name but not the full URL or what exactly you are on. I've had this assumption for all this time I've been on Reddit browsing casually or looking at 18+ subreddits, and I don't want my ISP to know any of that data, obviously, but I have not been stressed as I know that Reddit automatically redirects itself to the HTTPS version... But

My Main Question: The thing is, and I think the mistake I've been making is, that the way I navigate to Reddit is always by typing the URL in my browser exactly like this: "www.reddit.com/r/TheBeatles" or "www.reddit.com/r/embarrassingAdultSubreddit", and although I'm not including the "https://", the page will always load the HTTPS version. But upon looking at my Firefox browser history I noticed that before it shows the history result of the "HTTPS" version it finally loads, it shows an "HTTP" version (example: https://imgur.com/a/1P9OACv), and I'm just wondering if my ISP can see that?

Have I been an idiot just assuming that because Reddit automatically redirects to encrypted HTTPS, my ISP can't see my initial URL search for "www.reddit.com/r/thebeatles"? Can they in fact see the full URL before it's then redirected to encrypted? Because that would suck and completely defeat the entire purpose (my fault). Or is that initial URL search not actually seen by ISPs until a few seconds later when the page actually loads? I'm sorry, I just don't know the actual process between pressing Enter and the point the page loads. I'm just worried.

Thank you for the replies! I live in Australia, btw, if that makes any difference. Here is a post by an admin explaining that Reddit is an HTTPS-only site: https://www.reddit.com/r/help/comments/3b981x/http_automatically_redirects_to_https/

EDIT: I seem to have found some answers looking at a similar question asked on another website "https://security.stackexchange.com/questions/101703/is-url-visible-by-isp-before-http-request-is-301-redirected-to-https"

Some answers on that website have said that the answer to my question would be yes, sadly: they can see my HTTP request before it's encrypted, if not for the fact that if the website uses "HSTS", that fortunately forces an HTTPS connection from the get-go no matter what (Reddit does use HSTS), so that my concern in question never happens... However, I have read that for first-time requests after freshly opening it, your browser usually does not yet know that a website uses HSTS until a first secure HTTPS connection shows that the site has HSTS, so it may still not work... unless your browser already has those sites on startup in some kind of HSTS preloading. My version of Firefox on the main page does include Reddit as one of its default programs, so hopefully I am still protected with HSTS.



Submitted November 03, 2020 at 10:01PM by DisneyFan193 https://ift.tt/3l6Kuk4 via TikTokTikk
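
Added example (not part of the original post): a simplified JavaScript model of the HSTS behaviour discussed above, showing what the first request exposes to a network observer when an address is typed without a scheme. The host names, the preload list, and the names `HstsStore` and `firstRequest` are constructed for illustration, and the model assumes the browser defaults to `http://` for a scheme-less address.

```javascript
// Simplified model of HSTS (RFC 6797) handling in a browser.
// Host names and the preload list are constructed, not real browser data.
class HstsStore {
  constructor(preloaded = []) {
    this.preloaded = new Set(preloaded); // list shipped with the browser
    this.dynamic = new Map();            // host -> { expires, includeSubDomains }
  }
  // Record a Strict-Transport-Security header. It only counts over HTTPS.
  noteHeader(host, scheme, header, now) {
    if (scheme !== "https") return;
    const parts = header.split(";").map(s => s.trim().toLowerCase());
    const maxAge = parts.find(p => p.startsWith("max-age="));
    if (!maxAge) return;
    const seconds = parseInt(maxAge.slice(8).replace(/"/g, ""), 10);
    if (Number.isNaN(seconds)) return;
    if (seconds === 0) { this.dynamic.delete(host); return; } // max-age=0 clears the entry
    this.dynamic.set(host, { expires: now + seconds * 1000,
                             includeSubDomains: parts.includes("includesubdomains") });
  }
  // Is this host (or a parent domain that covers it) a known HSTS host?
  isKnown(host, now) {
    const labels = host.split(".");
    for (let i = 0; i < labels.length - 1; i++) {
      const name = labels.slice(i).join(".");
      // Model assumption: preload entries always cover subdomains.
      if (this.preloaded.has(name)) return true;
      const e = this.dynamic.get(name);
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
}

// First request that leaves the machine for an address as typed by the user.
function firstRequest(typed, store, now) {
  const url = new URL(/^[a-z]+:\/\//i.test(typed) ? typed : "http://" + typed);
  // A known HSTS host is upgraded internally, before any network traffic.
  if (url.protocol === "http:" && store.isKnown(url.hostname, now)) url.protocol = "https:";
  const encrypted = url.protocol === "https:";
  // Over HTTPS an observer learns the host name (DNS, TLS SNI) but not the path.
  return { scheme: url.protocol.slice(0, -1),
           observerSees: encrypted ? url.hostname : url.hostname + url.pathname };
}
```

In this model the path is exposed only when the host is neither preloaded nor already remembered from an earlier HTTPS response that carried the header.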
