Re: [Tails-dev] Faking htpdate user agent worth it?

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Faking htpdate user agent worth it?
Hi,

(Let's get rid of this old stalled discussion and free some mental
space of ours.)

intrigeri wrote (21 Oct 2012 08:57:55 GMT) :
> anonym wrote (15 Oct 2012 13:14:24 GMT) :
>> OTOH it becomes easier to fingerprint Tails users on their side of
>> the pipe, which arguably is worse. Three *full* fetches of known web
>> sites are *much* more distinguishable than three header fetches of
>> known web sites, so Tails' startup traffic flow then becomes
>> a distinctive pattern to look for. Think "Bayesian classifiers"
>> which was all the rage a year or two ago.


> In case it was not clear: what is proposed is a GET of the page only,
> not going back to "wget --mirror" and fetch the page and all related
> resources.


> Web browsing recognition based on known traffic patterns I've read
> about was based on page + resources fetches, which provide quite more
> room traffic/time data to work on.


> How well would this class of attacks do with a HTML page fetch or
> three? (Not a rhetorical question :)


>> The fact that Tails' current htpdate should be (relatively) safe from
>> fingerprinting since it only fetches headers is already documented here:
>> contribute/design/Time_syncing/#index5h1.


> This page reads "fingerprinting based on the known traffic pattern
> when fetching the full page of any of the members of Tails' HTP source
> pools is not possible"; I've always understood, in this sentence, "the
> full page" as meaning "the page + all external resources it requires".


Ping?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc