Tracking information on HTTPS connection
My organization uses cyberoam firewall. They are monitoring all activities including my search text in Google, Wikipedia etc. So recently i changed to HTTPS versions and now using HTTPS connections of Google and Wikipedia, that is https://www.google.co.in and https://en.wikipedia.org. Now weather they are able to monitor my search contents and search topics? I know the query string are encrypted so i guess they can't. But I want to know what are all the information can be tracked except host name and the length of data? Can they sniff which topic i am reading in Wikipedia or what are the contents i am searching in Google?
And also if search my result contains images, especially when searching for something the page contains images from other pages and the same thing with image search also. The image is hyperlink to their corresponding page. Is that URL is traceable if i didn't clicked the image. because that image will be from other HTTP connections. So that is traceable right?
Solution 1:
They can still monitor HTTPS traffic if they replace the SSL certificate with one of their own. Many (hardware) filtering devices do that. The organization would have to make sure that their certificate is installed in the computers you use, otherwise the browsers start complaining about suspicious certificates.
You can check the certificate of any HTTPS site you're visiting: if is not from the site the company has inserted its own.
Listen to Security Now episode 243 (http://www.grc.com/sn/). Here is its transcript: http://www.grc.com/sn/sn-243.htm
To find more info Google 'deep packet inspection https' or just 'dpi https'.
E.g. this post: http://community.spiceworks.com/topic/137822-sonicwall-deep-packet-inspection-ssl-dpi-ssl
And whether 'your' specific Cyberoam firewall has this capability, you can maybe check at their website http://www.cyberoam.com