Encrypted Web traffic can reveal highly sensitive information

Discussion in 'privacy technology' started by ronjor, Jun 24, 2014.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    This is why everyone needs to use VPNs, Tor, etc.
     
  3. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    This brings up the problem of metadata analysis. Even if the traffic is encrypted, it still is vulnerable to quantitative analysis. If the traffic of a bit torrent client, for example, has a known traffic pattern in bytes per second/minute/hour, a network administrator could tell that someone on a given node in the network is torrenting, even if he had no idea of what the content of the torrents was. A web page has a determined number of bytes of content and if that was profiled a signature could be made and if the traffic pattern matched that signature, it would prove that was the page visited.

    TOR is a bit better than a vpn because the traffic flow is distributed. TOR plus a vpn is best. In any case, if you want anonymity, it is going to cost bandwidth. Encryption gives you relative anonymity but the metadata has to be scrambled for real anonymity. The burst mode sounds effective but a bit crude. Coming up with a system that allows flow but still disguises the metadata traffic patterns as well as the content is what's required.
     
    Last edited: Jun 24, 2014
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Quite a lack of information in this article. There isn't 1 universal encryption method, there are tons. This article doesn't state which was being (ab)used. Also if you're browsing a full TLS website using DNSCrypt, there is no way they can even know what site you're logging onto. They (your ISP) can see the server IP, which could host many many sites.

    Also worth noting is the "strict conditions" required to pull this off, non-issue.
     
  5. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    This is just academias version of sensationalism .
    If you think HTTPS is in any way 'secure' I urge you to have a look at your computers
    ' Trusted Root Certification Authorities certificate store '
    ANY CA in the store can issue a certificate for ANY website that your browser will treat as valid .

    And that is exactly what the TLA's do when they want to snoop .
    They will re-route the traffic so it passes a node under their control and you will never know what happened unless you run a trace-route on all your communication - I've seen this happen to VPN-traffic 'with my own eyes' some years ago when the US was putting the thumb-screws on certain Swedish websites .
    ALL traffic from a Swedish VPN-provider (they used PPTP !) took a very strange and long route, amongst the hops was one near Wiesbaden (Germany),
    one near Cheltenham (UK) and one near Langley VA (USA) .
    Rather strange route for traffic originating near Copenhagen (Denmark) going to a ISP in Malmø (Sweden) wouldn't you agree ?

    In most 'free-World' countries citizens have the right to be 'private' in their communications and this 'privacy' includes the fact that a communication has even taken place .
    I seriously doubt there is any technical solution to the problem, the solution is to vote for somebody else !
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    When it comes to this I´m not that paranoid, I agree that privacy is nice, but I´m not doing anything illegal anyway, so who cares. And let´s face it, your provider can monitor everything that you do on the web, if they really want to.

    EDIT: In the past I did download music from pirate sites. :)
     
  7. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    Say You were marred and your wife was snooping in your computer, which is NOT illegal. She could Find the emails that prove you are Cheating,which is not illegall but would you want your wife to find out .
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    If the title is true then paranoia hasn't got anything to do with it but common sense has.
    o_O

    .... well, those who aren't brainwashed and still have the ability to see the value in privacy. Moreover, unless you're completely dense, you might see that a privacy breech is likely synonymous with a security breech. That could mean anything from stolen identity to direct funds theft to disclosure of private sensitive data like medical issues. All the best if you still think that's OK for all and sundry to feast their eyes on.
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Wiesbaden = NSA - Cheltenham = GCHQ - Langley = CIA/NSA
     
  10. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149


    If you are using FF, the addon White noise Generator can help you to scramble your online behavior.
    https://addons.mozilla.org/en-US/firefox/addon/white-noise-generator/
     
  11. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    This is good. This would be a good addon for the TOR browser because TOR by its nature does quite a bit of randomizing on the metadata already.

    After thinking about it a bit, I don't think burst mode is so bad either because it could be done in very quick randomized intervals of microseconds to milliseconds that would still slow bandwidth a bit but not in a way that would make for too unpleasant a web experience while still scrambling the quantitative metadata to the point that it is unreadable.

    I'm not likely to try it myself but I think that playing with QOS setting on a router that supports it--like one using Tomato--could also be effective in masking, if not quite scrambling metadata patterns.
     
    Last edited: Jun 30, 2014
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Isn´t that something different? I would choose to use a separate user account, problem solved.
    And of course I would never cheat on my wife. :)

    But what I meant was, that I´m not that paranoid when it comes to the NSA or my provider checking what kind of sites I visit. And I also don´t use any VPN services to hide IP and stuff, I´ve read it will slowdown browsing, so why bother.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Actually, problem not solved if you married a techie. You'd need to secure data in your drive from direct access.

    Guess you're used to someone always monitoring what you do, so be it.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes that´s true, but at the moment I got nothing to hide, plus I´m the only user of my PC. ;)
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    "Nothing to hide" struck another chord, must be nice having that amount of trust towards the government and companies these days. But they're not the only ones who can snoop on you if you truly have nothing to hide.
     
  16. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
  17. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    149
    You are right. In fact it's a very new addon. I think il will in future version more and more mimic human behavior.

    An other addon in the same area, but much more mature, is TrackMeNot: Basically, it sends random queries to de search engine of your choice.
    cs.nyu.edu/trackmenot/
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Like I said before, I do like privacy, that´s why I´m using tools like Ghostery (anti-tracking) and HIPS (anti-trojan). And if I could hide my IP in an easy way, I would probably do it. But some of the things go a bit too far IMO. :)

    For example this:

    https://www.wilderssecurity.com/threads/how-to-anonymize-everything-you-do-online.365046/
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.