[OPSEC/Computer] Question Regarding TLS/SSL

It's my understanding that when visiting a site using TLS/SSL, all information contained in the URL is encrypted. That is, visiting https://reddit.com/r/darknetmarkets will handshake with the server hosting reddit and the rest of the URL (subreddit information, etc.) is only visible to reddit's servers after the handshake is complete. Am I mistaken?


Comments


[1 Points] sharpshooter789:

That is, visiting https://reddit.com/r/darknetmarkets will handshake with the server hosting reddit and the rest of the URL (subreddit information, etc.) is only visible to reddit's servers after the handshake is complete.

Yes, the entire get and post requests are encrypted. However, reddit isn't HTTPS by default so you have to manually type https://reddit.com, get HTTP everywhere plugin, or have an account and enable HTTPS. Unless your a vendor or a larger dealer you shouldn't have to worry about what the ISP sees.


[1 Points] indigo7333:

You are right, only reddit servers can read information, ALSO I would suggest using SSL everywhere, there are curious system administrators that can read your messages, also ISP server or router may be compromised with tracers installed.