Hi, anonym wrote (15 Oct 2012 13:14:24 GMT) : > OTOH it becomes easier to fingerprint Tails users on their side of > the pipe, which arguably is worse. Three *full* fetches of known web > sites are *much* more distinguishable than three header fetches of > known web sites, so Tails' startup traffic flow then becomes > a distinctive pattern to look for. Think "Bayesian classifiers" > which was all the rage a year or two ago.
In case it was not clear: what is proposed is a GET of the page only, not going back to "wget --mirror" and fetch the page and all related resources. Web browsing recognition based on known traffic patterns I've read about was based on page + resources fetches, which provide quite more room traffic/time data to work on. How well would this class of attacks do with a HTML page fetch or three? (Not a rhetorical question :) > The fact that Tails' current htpdate should be (relatively) safe from > fingerprinting since it only fetches headers is already documented here: > contribute/design/Time_syncing/#index5h1. This page reads "fingerprinting based on the known traffic pattern when fetching the full page of any of the members of Tails' HTP source pools is not possible"; I've always understood, in this sentence, "the full page" as meaning "the page + all external resources it requires". Cheers! -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev