However, may not help, and may hurt. Slyck says:
The level of protection offered likely varies on the individual’s geographical location. Since The Pirate Bay isn’t actually situated in Sweden, a user in the United States isn’t impacted by the law. However for the concerned user living in Sweden, the new SSL feature will offer some security against the perceived threat.
No, not really. There are things SSL cannot do and one of those is protect the IP addresses of the two endpoints. If you assume an adversary who is sniffing traffic, they can tell what the two IP addresses are.
There are other things they can do as well. Suppose, for example, they go to the Pirate Bay landing page and observe that it’s 1234 bytes long, and compare that with the size of the SSL transaction you made. If they match in size, then you have a pretty good idea of what the person did.
An attacker that crawled the Pirate Bay site and indexed the sizes of all the objects could construct a map of where people went.
Yes, there will be some uncertainty in it. But there will be less uncertainty than you think. Consider the CDDB database that identifies what CD you just put in a drive. It does nothing more than compare a list of track lengths to known entries, and it’s pretty darned good. So good that music plagiarists were caught by someone who saw a CDDB collision.
If the attacker is only trying to construct probable cause so as to raid someone, it’s likely good enough. “Yer Honor, the suspect may have gone to page X or page Y, but that only means that they’re downloading either X’ or Y.” Yeah, the judge will probably buy it.
SSL is a great technology for protecting content. You don’t care that the attacker knows you bought something, you want to protect your credit card number. It’s not very good at protecting the mere act of communication.
There are many things that can protect, but they have their own set of limitations. It’s too nice a Sunday afternoon for me to go into them.