Prompted by the Ars Technica reporting on QUANTUM, I took a look at the slide and read the text, and compared it to the MULLINIZE document describing NAT breaking. My conclusion is that the NSA obtains significant amounts of information from user activity in between closing browsers, and that the current Tor Browser Bundle remains vulnerable to this attack.
QUANTUM appears to rely on inserting fake references to third-party assets and manipulating cookies in the requests made by the browser in response. I propose that we block third-party cookies unless over HTTPS to mitigate this problem, and try to encourage users to use more frequent new identities.
MULLINIZE achieves the reliable tracking of individual users behind a NAT through similar tricks. It is clear that the NSA views this information as valuable, even without real-world addresses to tie to it. Linkability across pages is difficult: breaking sessions is a major cost of the obvious no-cookies approach to preventing this sort of attack.
Sincerely,
Watson
