Let me be clear and say that my knowledge is limited; no one knows everything about computers. I am fairly new, I have only been programming since the 1980s.
Yes, I did look and yes, I see that the same issue has been brought up many times. I also keep seeing the same lame excuse that, quite frankly, seems like a lie. I am going to call BS on this, ask the question again, and see if we can't get somewhere with it.
The lie:
"HTTPS pages are encrypted and the router can't see the content, hence, it can't block access to HTTPS pages."
This same excuse keeps being used. This tired statement starts out true, about being encrypted and not seeing page content. It is also true that the ability to block the page, based on a scan of the page content, could not function. However, that claim fails to be true when it is used as an excuse for not blocking a domain name.
The truth:
The URL of an encrypted page is NOT encrypted or it couldn't be routed to its destination.
Currently, there is no reason this router shouldn't be able to block HTTPS pages by applying the filter to the domain name. I understand that a URL mask can be applied server-side and HTTPS encryption used to hide the true destination. Yes, I know there are work-arounds for crafty programmers/hackers. That said, applying the filters to the known URL would allow a significantly effective block for many things. When we are looking at router level filters, we are not talking about national defense or stopping a truly determined expert hacker. Given a little opportunity, I doubt 1 out of 10,000 people would be able to keep a novice hacker out of their personal computer. That said, it would be most helpful to many of us if Netgear would simply apply the filters, we have already input, to the URL and stop the average person from simply typing https://facebook.com and getting what they want when we told you to block facebook.com.
Ok so the next suggestion at this point might be to use the Genie app with the parental controls. That simply isn't an option. For reasons I will rant about in a future post, the Genie app is itself a security breach and not viable in its current design.
So, no more lies please, even if you can't filter HTTPS pages by content scan, at least implement the filters on the URL so we can effectively block most of the things we don't want getting through.
I do feel strongly about this and will not apologize for my tone. I am not a networking expert. If there is something I am missing, will someone PLEASE explain it to me because I have yet to read an explanation here that made any sense.
Thank you for your consideration.
7 Comments
- smscoggiNovice
Netgear please address this. This is a real problem, because while https sites may be encrypted, that does not mean they are trustworthy or that they are safe. We need the ability to blacklist or whitelist domain names as needed.
- JasonNNETGEAR Employee Retired
Hi Everyone,
I will forward this to my internal team and have them review the issue. :]
- Jason N
- Joe-HarrisNovice
Hi Jason,
A few months have gone by now since your April '18 forward to the internal team. As of today, with a new firmware download in place on my new Nighthawk router, the ability to block https websites is still not working. Since August, when Chrome started labeling http websites as 'Not Secure', there has been a mad dash by most websites to move to https. With all websites moving to https it kind of makes the Blocking Feature a non-feature. I think the feature should be fixed or removed as a marketing point.
Regards,
-Joe H @ Joe-Harris
It looks like JasonN is retired and hasn't been back since shortly after stepping in here. Is the timing a coincidence???
- TonkiniteLuminary
If I recall the RFC correctly, I think the domain name might be unobscured (because it’s converted to an IP at that point), but the trailing part of the url is definitely encrypted. You might be able to block based on domain or IP, but not the whole URL. There is further discussion here: https://security.stackexchange.com/questions/7705/does-ssl-tls-https-hide-the-urls-being-accessed
- treadstone1Novice
There's a reason why these companies aren't promoting or implementing the use of https blocking. Quite simply, we're in an age where data research, user tracking and analytics are an accepted part of society. Although these companies are here to make our lives easier and more productive, they are not here to promote the protection of our privacy and freedom to control what data we give out.
I've only brought my attention to this very recently after noting the ridiculous consents I'm accepting on cookie banners and terms of use on all corporate and even local websites these days.
There needs to be a simple router designed to give Joe Bloggs transparent https web traffic monitoring, ad blocking and domain blacklisting. And if websites do not work without these technologies then tough. Nothing's more sacred than your own dignity in exchange for losing out on a little bit of information.
Dark times ahead. Reduce dependency folks. Get curious and start thinking about your data and get control back to your home router. Good luck.
- adamoldNovice
90% of people want a simple no-hassle solution to blocking a few sites entirely for a scheduled period of time. e.g. No youtube during school, etc. This is very easy to do and NETGEAR is failing to do it because of the https:
Please, fix this.