HTTP has two primary pieces of information that is useful: What your IP address is and what the request is to the distance server. At a minimum they can tell what server you’re trying to get to, even if you use a proxy server, that server is sending messages to other servers. As far as encryption: All commercial encryption is a joke. All encryption. It is just plain silly to think that commercial encryption beats military encryption. If that were the case then why would the military have its own encryption? 2048 bit keys? So? Key length means not much. There are military systems that don’t even use keys. What math algorithm are you using? Is it weak? Do you really know? What is its relation to a rather large prime number? I remember reading of “largest prime number found” by universities of lengths the NSA had 30+ years ago. Primes are how encryption is cracked, not brute force against keys, so key length means nothing. Once the NSA has the right prime factored equation to crack an encryption equation they simply put that onto a chip and run it at high speed in large numbers. The military/intel agencies wouldn’t maintain extremely large data collection sytems if all everyone had to do was encrypt using commercial encryption.