0

I'm going to try to keep this as short as possible, but if you need any additional context or information, don't hesitate to ask. Also, if this is not the correct SE platform for this question, please point me in the right direction.

Can the server admins / ISP / anyone else read the content of my Gmails, WhatsApp Web messages, or any other communications on platforms that use HTTPS?

My understanding of HTTPS is that it is not possible but I'm not entirely sure.

  • If it is possible, how easy would it be to do so?
  • If it's not possible, is there any software that an employer might install on the network / employee PCs to break, beat or otherwise overcome the encryption of HTTPS?
  • If not through software, what other means might an employer make use of to overcome HTTPS?
SeriousLee
  • 103
  • 1
  • This question really belongs on [security.se], though if it was migrated there I am sure it would promptly be closed as a duplicate. – kasperd Oct 12 '18 at 07:25

2 Answers2

3

If your employer has installed their own root certificates on your system, then yes, they can read your encrypted traffic. Look up MITM attacks.

doneal24
  • 851
  • 6
  • 14
  • It may be application/browser-dependent. Chrome allows MITM interception for trusted certificates on pinned sites, but I'm not sure about Firefox/Internet Explorer. Also I believe WhatsApp has end-to-end encryption that is independent of the transport layer encryption. – Greg Askew Oct 11 '18 at 18:18
0

All communications that use HTTPS protocol means everything is encrypted between you and the server (remote end) so right out of the box they can't read your information. If you store the information locally (for example on your computer) applications create databases to store information and they probably could play with that to make it readable but if you are just on the web from your phone/computer you're safe. Also, the ISP can only see the traffic/domains you're visiting but not the actual content.

Humberto Castellon
  • 879
  • 1
  • 7
  • 17