

HTTPS traffic is actually easier to track - jsanc
http://blog.polygraph.io/2014/10/29/https-traffic-actually-easier-track-http/

======
couchand
Click-baity headline for what looks like a poorly-written advertisement.

~~~
jsanc
(Author here.) Guilty, I guess. What do you find poorly written exactly?
Thanks for your feedback and my apologies if I crossed a line with the
headline.

------
AlyssaRowan
Wow, very clickbaity. Yes, certificates and SNI are indeed in the clear in the
TLS 1.2 ClientHello.

We're hoping to encrypt them for TLS 1.3. That's not easy if SNI is needed for
the server to know which certificate to use, and nearly intractable if
different vhosts have different cipher prefs.

Solutions welcome!

