[GTALUG] Decrypting and Re-encrypting Network Traffic

Giles Orr gilesorr at gmail.com
Tue Sep 10 18:33:34 EDT 2019


On Tue, 10 Sep 2019 at 17:28, James Knott via talk <talk at gtalug.org> wrote:

> On 2019-09-10 05:09 PM, Giles Orr via talk wrote:
> > Decrypting and re-encrypting network traffic is becoming more and more
> > popular.  I think it's an appalling violation of both trust and
> > privacy, but corporations seem to feel justified to "protect their
> > network" (it's not necessary to explain the logic to me, I get it ...
> > I'm just more about individual rights).  Or maybe they're just doing
> > it to mine your data, depending on the context.
> >
> > There seem to be two circumstances (this is just about web traffic):
> > - a private computer on a shared network, ex. you take your personal
> > computer to a coffeeshop
> > - a company computer on a company network, ex. you sit down at your
> > work computer
> >
> > I think I understand the latter: with a company computer on a company
> > network, all that's necessary is to push a trusted certificate and all
> > future communications will be done with that newly trusted cert and,
> > well, you're hosed.  Everything you send is examined and re-encrypted
> > with the receiving site's certificate at the company firewall.  Can
> > this be detected?  Can this be prevented?
> >
> > It seems that some shared networks (i.e. the coffeeshop in the above
> > examples) manage to do this to people: is this only possible if they
> > convince you to install something, and presumably that install package
> > includes a certificate?  Or is there another way?
> >
>
> I'm not sure where you're going with this.  For example the coffee shop,
>

"Where I'm going" is to attempt to defend against what I perceive as a
violation of my privacy.


> it's long been recommended people use a VPN to prevent eavesdropping and
> hacking.  Is this what you're referring to?  Why is that a problem?
>

Well, because we shouldn't have to do it (although I understand that's a
lost cause).  But yes, this is one solution.

> I've never heard of a coffee shop forcing you to install something.  I
> have, however, come across some restaurants, where you have to register
> and then get hit with ads etc.  I won't use those ones.  As for company
> equipment on a company network, well that's entirely the company's
> business.
>

And, I would say, all the employee's business as well.  Particularly if the
employer hasn't made it explicitly clear that they're doing such a thing.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com