Hi Zack,
Thanks for bringing this up again, this is a very useful discussion to
have.
On Thu, Jun 05, 2014 at 12:45:11PM -0400, Zack Weinberg wrote:
* what page is the target reading?
* what _sequence of pages_ is the target reading? (This is actually
easier, assuming the attacker knows the
I'd like to restart the conversation about hardening Wikipedia (or
possibly Wikimedia in general) against traffic analysis. I brought
this up ... last November, I think, give or take a month? but it got
lost in a larger discussion about HTTPS.
For background, the type of attack that it would be
On Thu, Jun 5, 2014 at 9:45 AM, Zack Weinberg za...@cmu.edu wrote:
I'd like to restart the conversation about hardening Wikipedia (or
possibly Wikimedia in general) against traffic analysis. I brought
this up ... last November, I think, give or take a month? but it got
lost in a larger
Hi Zack,
On Thu, Jun 05, 2014 at 12:45:11PM -0400, Zack Weinberg wrote:
I'd like to restart the conversation about hardening Wikipedia (or
possibly Wikimedia in general) against traffic analysis. I brought
this up ... last November, I think, give or take a month? but it got
lost in a larger
Introducting my own working theory here, ignore if you wish.
I'd think that the *first* thing that would have to happen is that the page
and the images it contains would have to be delivered in one stream. There
are both HTML5 (resource bundling) and protocol (SPDY) mechanisms for doing
this.
On 06/05/2014 11:53 AM, Nick White wrote:
As was mentioned, external resources like variously sized images
would probably be the trickiest thing to figure out good ways
around. IIRC SPDY has some inlining multiple resources in the same
packet sort of stuff, which we might be able to take
On 5 June 2014 17:45, Zack Weinberg za...@cmu.edu wrote:
I'd like to restart the conversation about hardening Wikipedia (or
possibly Wikimedia in general) against traffic analysis.
Or, indeed, MediaWiki tarball version itself.
- d.
___
On Thu, Jun 5, 2014 at 4:50 PM, David Gerard dger...@gmail.com wrote:
Or, indeed, MediaWiki tarball version itself.
MediaWiki is a web application. As amazing as it would be for Wikipedia to
be secure against traffic analysis, we are not going to introduce
presentation-layer logic into an