On Fri, Jan 17, 2014 at 06:37:02PM -0800, Mike Perry wrote: > So this would be exposing a global fingerprinting vector that didn't > previously exist in TBB. OTOH, it would probably only be possible for > the adversary to examine it once before it becomes useless to anyone > else.. But once may be enough. > > How fast are these individual queries? Can we measure that, and what the > impact is on total page performance for the cache hit and non-cache hit > cases?
We should measure this. But we should definitely measure it in the case where the entire sqlite file is in the OS page cache, so in TBB we should /definitely/ read and discard its entire contents before playing. > Do we know how big the actual memory consumption is here? Right now, the > plaintext xml rulesets are 3.6M on disk. I suspect once parsed they are > smaller than that, but I am not seeing any easy way to get the memory > usage for the actual parsed rulesets object. It seems the most common > solution on the web is to manually traverse the thing and do some > addition and approximation for each object type. :/ Unfortunately I fear they're actually larger because of all the pointers and JavaScript book-keeping. I've tried to measure that by just looking at the RSS of the firefox process with and without HTTPSE enabled: https://trac.torproject.org/projects/tor/ticket/4804 -- Peter Eckersley [email protected] Technology Projects Director Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
