2 years ago
I don’t think I will throw out my scanner: visiting websites gives up metadata (especially without SSL support)
ssl does not protect your metadata at all, it gereates more and it verifies you for the NSA unless the sites you trust have self-signed certificates. The certificate “authorities”, especially Verisign are pwned by the NSA, so the NSA gets a copy of the SSL certificate as soon as it is generated. This is how they manage a “quantum insertion”. You go to their website, which looks just like Yahoo or Google, or WHATEVER – the point is, it has a perfect SSL certificate that you accept, and then you willingly surrender your password AND username. Thank you for you data. See the pdf “Full Disclosure” written by a group of engineers who figured this out even before the Snowden releases, though the recent pdf has benefitted from his fine work. http://cryptome.org/2013/12/Full-Disclosure.pdf
metadata is not a single monolithic type. If you assume that SSL is completely broken then there isn’t a difference. However this underscores my point that I will keep my ability to scan directly and not rely on other websites. For secure communications, use Tor and Hidden Services.