Hi,
anonym wrote (15 Oct 2012 13:14:24 GMT) :
> OTOH it becomes easier to fingerprint Tails users on their side of
> the pipe, which arguably is worse. Three *full* fetches of known web
> sites are *much* more distinguishable than three header fetches of
> known web sites, so Tails' startup traffic flow then becomes
> a distinctive pattern to look for. Think "Bayesian classifiers"
> which was all the rage a year or two ago.
In case it was not clear: what is proposed is a GET of the page only,
not going back to "wget --mirror" and fetch the page and all related
resources.
Web browsing recognition based on known traffic patterns I've read
about was based on page + resources fetches, which provide quite more
room traffic/time data to work on.
How well would this class of attacks do with a HTML page fetch or
three? (Not a rhetorical question :)
> The fact that Tails' current htpdate should be (relatively) safe from
> fingerprinting since it only fetches headers is already documented here:
> contribute/design/Time_syncing/#index5h1.
This page reads "fingerprinting based on the known traffic pattern
when fetching the full page of any of the members of Tails' HTP source
pools is not possible"; I've always understood, in this sentence, "the
full page" as meaning "the page + all external resources it requires".
Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc