On 30/01/15 02:13, Daniel Kahn Gillmor wrote: > Clients requesting multiple unusual TZs together are more easily > identifiable to servers, than clients who request only one. Should > clients request all their interested TZs at once, or spread out their > polling updates over time? HTTP pipelining is clearly more efficient; > but what are the privacy implications if you have a system service that > does this?
I've cherry picked here since the one thing that seems to have been missed is that the main target for tzdist is to provide a mirror of the TZ data. This is a complete set of tz information, and if my own distribution method is followed many of the 'security and tracking' risks being listed can never arise? The clients computer has a local copy of TZ, and any local processing is done against that copy. On a regular basis they ask tzdist if there has been an update to the version of TZ they are using. If yes then all of the are pulled down. A monitoring tap has no idea where the client is? The only know that someone has updated from v to v+1 of the TZ data? Client using subsets of the data such as embedded devices will be asking for a specific timezone, but that traffic will be within a local network. We know already where they are so we don't need any cleaver processing to hide the fact that we are in that physical location? I've just posted about local servers providing a specific subset of data - within the building it's serving - o you already have an even better idea of location than timezone :) As with just about any system, accessing the data can be abused exposing other information. We do need to identify what are 'secure' ways of accessing the data and what ars insecure, but not exposing anything that could not be deduced by other means anyway. -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
