rchandra
Premium Member
2013-Aug-22 12:08 pm
encrypt, encrypt, encrypt
HTTPS Everywhere.
If they are to hold to their policy, how is it they're supposed to know what streaming is, or "Web surfing?" The first thing that happens during HTTPS is an encryption handshake. After that, arbitrary content is passed back and forth, which could be pipelined requests (thus the connection is not torn down). So unless they have the server's private key (to do even deeper packet inspection) or they're going to make their surfing/streaming/other classification based on IP address, their system is quite flawed. Unless some other metric would be used, such as connection duration, I could just set up a Linode with OpenVPN (or whatever) listening on TCP port 443, and they SHOULD be none the wiser. I mean, it's just stupid silly.
silbaco
Premium Member
2013-Aug-23 2:52 pm
They actually mention that they prohibit the use of VPNs on this plan.
rchandra
Premium Member
2013-Aug-23 3:11 pm
...and how exactly are they supposed to tell the difference with an SSL or TLS VPN run on TCP port 443? From outside the tunnel, that's going to look like pipelined HTTPS Web surfing. It's folly. For good measure, it's certainly possible the "far" endpoint could even have an HTTP server which must have a specific HTTP request sent to it to complete the tunnel handshake, should they choose to make some sort of test connection. ViaSat wouldn't know what the contents of that HTTP request need to be because, again, the first thing which happens is the SSL or TLS handshake, and then inside that would be any HTTP request or VPN. What ViaSat sees is in essence digital noise, unless somehow they manage to gain access to the private key. They're essentially running on the honor system to say "VPNs are off."
to rchandra
Secure HTTP will count against the 5 GB/month limit for precisely the reason you mention: Exede will not be able to distinguish one packet from another.