this post was submitted on 21 Feb 2024
11 points (86.7% liked)

Privacy

4164 readers
22 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
iopq
11
Can a VPN see an https websites folders and subfolders? (self.privacy)
submitted 8 months ago by FlickeringScreens to c/privacy
7 comments fedilink hide all child comments
 

I know VPNs aren't the best for privacy, but I'm curious, would a VPN be able to only see a domain and subdomain if the website is https? or can they see more somehow?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

The domain name is sent in cleartext at the start of the connection so that the server knows which virtual server you are connecting to, and which encryption key should be used for the connection (as a single server may be serving multiple sites, which can use separate encryption keys). See e.g. https://en.m.wikipedia.org/wiki/Server_Name_Indication for a more detailed explanation.

So the VPN provider can see the site you are connecting to, but not the full URL, just like an ISP can.