The attack works by bypassing the HTTPS encryption which is supposed to prevent this happening. HTTPS would normally prevent the operator seeing the URLs visited by users, but a new technique abuses Web Proxy Autodiscovery and exposes browser requests to any code the network owner wants plug in. The bypass attack is specifically dangerous for those Windows, Linux and Mac users who use public Wi-Fi and public hotspots. The HTTPS bypass can also be used by your ISP provider to snoop directly on you without your knowledge.
