Author: intrigeri
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Faking htpdate user agent worth it?
Hi,
(Let's get rid of this old stalled discussion and free some mental
space of ours.)
intrigeri wrote (21 Oct 2012 08:57:55 GMT) :
> anonym wrote (15 Oct 2012 13:14:24 GMT) :
>> OTOH it becomes easier to fingerprint Tails users on their side of
>> the pipe, which arguably is worse. Three *full* fetches of known web
>> sites are *much* more distinguishable than three header fetches of
>> known web sites, so Tails' startup traffic flow then becomes
>> a distinctive pattern to look for. Think "Bayesian classifiers"
>> which was all the rage a year or two ago.
>
> In case it was not clear: what is proposed is a GET of the page only,
> not going back to "wget --mirror" and fetch the page and all related
> resources.
>
> Web browsing recognition based on known traffic patterns I've read
> about was based on page + resources fetches, which provide quite more
> room traffic/time data to work on.
>
> How well would this class of attacks do with a HTML page fetch or
> three? (Not a rhetorical question :)
>
>> The fact that Tails' current htpdate should be (relatively) safe from
>> fingerprinting since it only fetches headers is already documented here:
>> contribute/design/Time_syncing/#index5h1.
>
> This page reads "fingerprinting based on the known traffic pattern
> when fetching the full page of any of the members of Tails' HTP source
> pools is not possible"; I've always understood, in this sentence, "the
> full page" as meaning "the page + all external resources it requires".