On Thu, May 15, 2014 at 07:36:07AM +0200, Fabio Pietrosanti (naif) wrote:
> I think that would be very important to organize a project to Audit the
> functionalities of Auto-Update of software commonly used by human rights
> defenders.

Yes, but I'll go one step further: auto-update is a horrible idea -- even if the connection is encrypted.

Why? Because someone observing network traffic can deduce which operating system(s) and application(s) a target is using by doing traffic analysis: that is, just looking at where connections are originating and terminating. Even passively checking for the existence of updates -- that is, not actually downloading and installing them -- can facilitate this same traffic analysis.

The results of that analysis have many uses: one that occurs to me offhand is that a repressive government might wish to identify everyone who appears to be using a particular application X because (a) it's not widely used across the entire population (b) but it's used extensively within a certain political/social movement/organization Y. Combined with other traffic analysis (e.g., visits to the web site of Y) this would be useful intelligence. Combined with research into the security vulnerabilities of X this would be VERY useful intelligence.

Another use that occurs to me is that particular combinations of updates could constitute a signature that facilitates the tracking of individuals. In other words, lots of people might check for updates to A, or updates to B, or updates to C, etc.; but how many individuals check for updates to A, B, F and M but never C, D or J?

I'm not sure what the answer to this problem will look like, but I suspect it's going to involve doing away entirely with the concept of "auto update".

---rsk

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
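
Added example, not part of the original message: a small Python calculation of the anonymity-set argument in the reply above, for anyone assessing how identifying a device's update checks are. The client labels and the observation table are constructed; the letters A..M are the placeholder applications from the message.

```python
from collections import Counter

# Constructed sample: client label -> applications whose update servers
# that client was seen contacting. Labels and data are illustrative only.
OBSERVED = {
    "client-01": {"A", "B", "C"},
    "client-02": {"A", "C", "D"},
    "client-03": {"A", "B", "F", "M"},
    "client-04": {"B", "C", "J"},
    "client-05": {"A", "B", "C"},
    "client-06": {"A", "F", "J"},
    "client-07": {"B", "D", "M"},
    "client-08": {"A", "B", "C"},
}


def per_app_anonymity(observed):
    """For each application, count the clients that check it for updates."""
    counts = Counter()
    for apps in observed.values():
        counts.update(apps)
    return dict(counts)


def combination_anonymity(observed):
    """For each client, count the clients with exactly the same set of checks."""
    sizes = Counter(frozenset(apps) for apps in observed.values())
    return {c: sizes[frozenset(apps)] for c, apps in observed.items()}


def exposure(observed, client):
    """Return (smallest single-application crowd, crowd sharing the full set).

    The first number is how well the client hides when only its rarest
    application is considered; the second is how well it hides once the
    whole combination of update checks is considered.
    """
    per_app = per_app_anonymity(observed)
    smallest_single = min(per_app[a] for a in observed[client])
    return smallest_single, combination_anonymity(observed)[client]


if __name__ == "__main__":
    for name in sorted(OBSERVED):
        single, combined = exposure(OBSERVED, name)
        print(f"{name}: rarest single app shared by {single}, full set shared by {combined}")
```

In this constructed table no single update check isolates client-03, but its combination of A, B, F and M is shared with nobody else.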