Hi Zack,
Thanks for bringing this up again, this is a very useful discussion to
have.
On Thu, Jun 05, 2014 at 12:45:11PM -0400, Zack Weinberg wrote:
> * what page is the target reading?
> * what _sequence of pages_ is the target reading? (This is actually
> easier, assuming the attacker knows th
On Thu, Jun 5, 2014 at 4:50 PM, David Gerard wrote:
> Or, indeed, MediaWiki tarball version itself.
MediaWiki is a web application. As amazing as it would be for Wikipedia to
be secure against traffic analysis, we are not going to introduce
presentation-layer logic into an application-layer pro
On 5 June 2014 17:45, Zack Weinberg wrote:
> I'd like to restart the conversation about hardening Wikipedia (or
> possibly Wikimedia in general) against traffic analysis.
Or, indeed, MediaWiki tarball version itself.
- d.
___
Wikitech-l mailing li
On 06/05/2014 11:53 AM, Nick White wrote:
> As was mentioned, external resources like variously sized images
> would probably be the trickiest thing to figure out good ways
> around. IIRC SPDY has some inlining multiple resources in the same
> packet sort of stuff, which we might be able to take
Introducing my own working theory here, ignore if you wish.
I'd think that the *first* thing that would have to happen is that the page
and the images it contains would have to be delivered in one stream. There
are both HTML5 (resource bundling) and protocol (SPDY) mechanisms for doing
this. So
Hi Zack,
On Thu, Jun 05, 2014 at 12:45:11PM -0400, Zack Weinberg wrote:
> I'd like to restart the conversation about hardening Wikipedia (or
> possibly Wikimedia in general) against traffic analysis. I brought
> this up ... last November, I think, give or take a month? but it got
> lost in a lar
On Thu, Jun 5, 2014 at 9:45 AM, Zack Weinberg wrote:
> I'd like to restart the conversation about hardening Wikipedia (or
> possibly Wikimedia in general) against traffic analysis. I brought
> this up ... last November, I think, give or take a month? but it got
> lost in a larger discussion abo
I'd like to restart the conversation about hardening Wikipedia (or
possibly Wikimedia in general) against traffic analysis. I brought
this up ... last November, I think, give or take a month? but it got
lost in a larger discussion about HTTPS.
For background, the type of attack that it would be