Is it true that only the website name is visible to ISPs? (lemmy.world)

submitted 7 months ago by FlickeringScreens@lemmy.world to c/privacy@lemmy.world

2 comments fedilink hide all child comments

I've heard this is true for https, but I'm unsure.

you are viewing a single comment's thread
view the rest of the comments

[-] dohpaz42@lemmy.world 3 points 7 months ago

The technical reason why is because when visiting a website, the web browser has to translate the website name (aka domain name) into a number it can use to connect to; this is akin to looking up a person in your phone contacts and the phone calling the number. This is the part the ISP sees.

The actual web request would be invisible over HTTPS because as far as the ISP sees, it is a random collection of letters, numbers, and symbols (ie encryption). Only you and the web server know how to decode the information.

The web server sees a request for https://www.example.com/foo/bar?baz=bam as the following:

GET /foo/bar?baz=bam HTTP/1.1
Host: www.example.com

HTH

this post was submitted on 29 Jan 2024

3 points (100.0% liked)

Privacy

4019 readers

65 users here now

A community for Lemmy users interested in privacy

Rules:

Be civil
No spam posting
Keep posts on-topic
No trolling

founded 1 year ago

MODERATORS

iopq@lemmy.world