CIPP/US Study Guide
Chapter 3: Introduction to Technological Aspects of Privacy

Deep Packet Inspection

Deep packet inspection examines packet contents beyond the header. It is useful for malware detection and data-leak prevention, but it also enables tracking and government censorship. Effective encryption (HTTPS, encrypted email) blocks it.

Only the header is needed to route a packet, but a node can also examine the rest of the packet; this is deep packet inspection. Legitimate uses include scanning incoming packets for viruses and outgoing packets for data leaks. Abusive uses include tracking all of a user's online behavior to target ads, or government censorship such as China's 'Great Firewall.'

Encryption defeats inspection

When communications are effectively encrypted, deep packet inspection can no longer see the contents. After the 2013 Snowden disclosures, major email providers shifted to encrypted email, and HTTPS adoption grew rapidly. Inspection now works mainly on unencrypted traffic or where encryption is broken (e.g. stolen keys).
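The header/payload split and the effect of encryption described above, as an added example that is not part of the original study guide. The packet bytes, addresses, the SSN-style rule and the `fake_tls_record` helper are constructed for illustration; the helper only imitates the shape of a TLS record and is not real encryption.

```python
import hashlib, re, socket, struct

SSN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # toy data-leak rule (assumption)
# Constructed sample: an unencrypted form post with an invalid, made-up SSN.
PLAINTEXT = b"POST /form HTTP/1.1\r\nHost: example.test\r\n\r\nssn=000-12-3456"

def build_packet(payload: bytes) -> bytes:
    """Constructed IPv4+TCP packet (checksums left at 0, sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHLLBBHHH", 49152, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def fake_tls_record(plaintext: bytes) -> bytes:
    """Stand-in for ciphertext: XOR with a hash-derived keystream, wrapped in
    a TLS application-data record header. Not real encryption."""
    blocks = len(plaintext) // 32 + 1
    ks = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(blocks))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    return b"\x17\x03\x03" + struct.pack("!H", len(body)) + body

def route_view(pkt: bytes) -> dict:
    """What routing needs: header fields only."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport}

def deep_inspect(pkt: bytes) -> dict:
    """What a DPI node does: skip both headers and read the payload."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]
    looks_tls = len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3
    hits = [m.decode() for m in SSN.findall(payload)]
    return {"looks_tls": looks_tls, "hits": hits}

if __name__ == "__main__":
    for label, body in (("plain", PLAINTEXT), ("encrypted", fake_tls_record(PLAINTEXT))):
        pkt = build_packet(body)
        print(label, route_view(pkt), deep_inspect(pkt))
```

Both packets route identically because the header is unchanged; only the unencrypted one yields a match to the content rule.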

Key terms - quick answers

What is “Deep packet inspection”?
Examination by a node of some or all of a packet's contents (beyond the routing header) for purposes such as malware detection, data-leak prevention, ad targeting, or censorship.