Http means your employer knows you watched porn on the company WiFi, and they also know which specific videos and what your username for the site is. If site security is particularly lax, they may even know your password.
Https means your employer can see you watched porn on the company WiFi, but they don’t know which video(s) specifically, and they don’t know your login info.
VPN means your employer only knows you connected to a VPN. They may be able to take educated guesses at what type of content you were viewing (streaming video, for example, has a pretty easily identifiable pattern of data transfer,) but they don’t know what video you were watching, or what site it was coming from. The VPN service knows you watched porn, but the aforementioned rules about http and https still apply; If you’re using https, they don’t know specifics.
Tor means even the VPN doesn’t know which specific video(s) you’re watching, because they just see a connection to another Tor node, which sees another tor node, which sees another tor node… Etc. In order to know what you’re watching, they would need to own every node in the chain. If they own both the entry and exit node they may be able to match it to you with a timing attack, (they see packets going into the Tor network at the same time they see packets coming out towards you). Again, they can make educated guesses based on pattern recognition, but they won’t have a clear picture without owning both your entry and exit nodes and performing a timing attack.
Now you can substitute “your employer” for anyone who is trying to get your info. Public WiFi spoofer, your ISP, etc…
Yup. The way I’ve always described it is this:
Http means your employer knows you watched porn on the company WiFi, and they also know which specific videos and what your username for the site is. If site security is particularly lax, they may even know your password.
Https means your employer can see you watched porn on the company WiFi, but they don’t know which video(s) specifically, and they don’t know your login info.
VPN means your employer only knows you connected to a VPN. They may be able to take educated guesses at what type of content you were viewing (streaming video, for example, has a pretty easily identifiable pattern of data transfer,) but they don’t know what video you were watching, or what site it was coming from. The VPN service knows you watched porn, but the aforementioned rules about http and https still apply; If you’re using https, they don’t know specifics.
Tor means even the VPN doesn’t know which specific video(s) you’re watching, because they just see a connection to another Tor node, which sees another tor node, which sees another tor node… Etc. In order to know what you’re watching, they would need to own every node in the chain. If they own both the entry and exit node they may be able to match it to you with a timing attack, (they see packets going into the Tor network at the same time they see packets coming out towards you). Again, they can make educated guesses based on pattern recognition, but they won’t have a clear picture without owning both your entry and exit nodes and performing a timing attack.
Now you can substitute “your employer” for anyone who is trying to get your info. Public WiFi spoofer, your ISP, etc…