A passive attack, meanwhile, uses a sniffing device near the user to intercept leaked info about a user's LTE data transmissions (when and how much data they use, for instance) and compares those to data 'fingerprints' for popular websites. If there's a match, you know where they're going despite encryption ostensibly keeping the destination a secret.

These attacks aren't exactly trivial. You need to be physically close to your target, and sniffing hardware isn't cheap (Ars Technica places the cost at roughly $4,000). Whoever uses the attacks will likely be either a committed thief or a surveillance agency. The problem, as you might have gathered, is that you can't patch against this. Your best bet is to only visit sites using HTTP Strict Transport Security or DNS Security extensions, and that isn't always easy. Although the like of facing an attack isn't that high, there might not be a permanent solution until you're using 5G.