> On Nov 17, 2016, at 5:18 PM, gregrwm <tclug1 at whitleymott.net> wrote: > > What I am really wondering here is how the full exact query was captured and then repeated by a 3rd party out in the wild. The implications are kind of scary. > > scary = prefer not to think about. an understandable, and ubiquitous preference. which leaves leagues of leeway for such activity to accrete. > > Then I would suspect there’s a packet sniffer out there on an infected computer (not necessarily yours) that is getting this information via WiFi… Of course, that means your laptop is on WiFi phoning home. > > could be anywhere, eg modem, or at the provider Which is why sending it over HTTPS and as a POST is a better idea. The host name could even be maintained in a host file or on a private DNS server so that the domain isn’t even public… although that would be part of the transmission packet header. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20161117/50b5c52d/attachment.html>