this post was submitted on 21 Feb 2024
11 points (86.7% liked)

Privacy

4261 readers
80 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
 

I know VPNs aren't the best for privacy, but I'm curious, would a VPN be able to only see a domain and subdomain if the website is https? or can they see more somehow?

you are viewing a single comment's thread
view the rest of the comments
[–] 314xel@lemmy.world 2 points 9 months ago* (last edited 9 months ago)

URL path (resource) is end-to-end (between your browser and end website) encrypted in an HTTPS request, along with the body, any query parmeters in the URL and POST params. So only the domain (or more specifically the IP) is transparent to your VPN provider.

As another user mentioned, the domain could get leaked to your ISP (besides the VPN provider) via DNS requests (depending of your PCs DNS cache lifetime and router cache), unless you use your own DNS provider over HTTPS. But your requests would still include an IP, which could be reversed to a domain via a trivial whois / lookup in a list.

But the thing you are worried about, the path in the URL (folders as you call it, but nowdays URL rewrite means that most probably there isn't a direct association between URI and web server's disk structure) should be encrypted and only the website you are visiting can decrypt it (via its private key of the SSL certificate).