09-22-2020 , 03:39 PM
Quote:The Russian government is working on updating its technology laws so it can ban the use of modern internet protocols that can hinder its surveillance and censorship capabilities.( Continue Reading Article....)
According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3, DoH, DoT, and ESNI.
Moscow officials aren't looking to ban HTTPS and encrypted communications as a whole, as these are essential to modern-day financial transactions, communications, military, and critical infrastructure.
Instead, the government wants to ban the use of internet protocols that hide "[b]the name (identifier) [/b]of a web page" inside HTTPS traffic.
HTTPS TRAFFIC HAS LEAKS
Today, while HTTPS encrypts the content of an internet connection, there are various techniques that third-parties such as telcos can apply and determine to what site a user is connecting.
Third-parties may not be able to break the encryption and sniff on the traffic, but they can track or block users based on these leaks, and this is how some ISP-level parental control and copyright infringement blocklists work today.
The primary two techniques used by telcos today include (1) watching DNS traffic or (2) analyzing the SNI (Server Name Identification) field in HTTPS traffic.
The first technique works because browsers and apps make DNS queries in plaintext, revealing the user's intended site destination even before a future HTTPS connection is established.
The second technique works because the SNI field in HTTPS connections is left unencrypted and similarly allows third-parties to determine to what site an HTTPS connection is going.
NEW PROTOCOLS ARE HINDERING SURVEILLANCE AND CENSORSHIP
But over the past decade, new internet protocols have been created and released to address these two issues.
DoH (DNS over HTTPS) and DoT (DNS over TLS) can encrypt DNS queries.
And when combined, TLS 1.3 and ESNI (Server Name Identification) can also prevent SNI leaks.