Well, a statistical analysis will be able to find the difference between browsing https gmail, and posting on Facebook / Twitter. And countries with internet filters may not have high standards of due process.
The other danger would be all offshore https sites getting blocked. Or a concerted effort to Man-in-the-middle all offshore https (assuming that doesn't already happen).
"The other danger would be all offshore https sites getting blocked."
Fine by me. "No benefits of the information access for your country unless you also allow dissenting opinions" would be quite a win for any project of this kind.
I know of at least one private university that MITMs every SSL connection. Doesn't seem lime it would be that hard to look for the Telex signature at that point.
Of course, the university is training everybody to click on "just trust this certificate", but that's a different issue.
Just like enterprises, they get you to install their CA cert as a new trusted root and then they sign their own certs for each domain as they flow through. Corporate IT will just push it through AD or pre-configure it, I'd assume campus IT gets you to run an executable to install it. Since all the traffic will be signed by them you won't get very far without accepting their root.
reply