We know What You're Watching (Even If It's Encrypted)

Discussion in 'privacy problems' started by lotuseclat79, Apr 14, 2017.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,385
    We know What You're Watching (Even If It's Encrypted)

    -- Tom
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,869
    That's a good argument against streaming.

    Torrents shouldn't have consistent traffic signatures, right?
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,401
    Location:
    USA
    I would think they would. The data itself would be consistent so it shouldn't be too much of a stretch to identify it.
     
  4. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    I not understand the article, netflix not even allows any Proxy/VPN since they GeoIP block all known IP's/Providers. The article also isn't detailed enough .. e.g.

    That's guessing because the file size, not accurate enough .. and oh wonder on Netflix there are video streams? What a surprise.

    Later in this article they mention some details like Dynamic adaptive streaming (mpeg dash). And when you read the wikipedia article you might notice:

    JavaScript a risk? Surprise²!

    So overall nothing new it's all about meta-data, fingerprinting and JavaScript (again) ... this is nothing new or special. VPN/proxy not protects against protocol meta-data weaknesses, otherwise you wouldn't receive any data due backward compatibility.

    Pls show us a code example or POC how this can compromise my security at all. I highly doubt that, this would require to infect me in first place with JavaScript malware within the video stream, last i've heard it isn't possible.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,869
    Sure, the data is consistent. But when an adversary can only see the VPN packets, all they have to go on is bit-rate vs time. Websites and video streams have consistent patterns. But with torrent downloading, you get chunks of a file in relatively random order. Maybe the total file size is consistent. But if someone is torrenting multiple files, the adversary arguably couldn't identify individual files.
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,401
    Location:
    USA
    I don't know how much time is actually a factor. If they are comparing to a known database of files then all they would need is a sampling of said data. But I'll probably end this here since I do not know enough details of what they actually are doing.
     
  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Torrents could be detected via deep packet inspection e.g. via LanGuardian or Snort.

    On ISP side:
    They just see that the torrent traffic is coming from known shares they do not know exactly what you are downloading unless they download the torrent themselves and compare the torrent id.

    To answer the question:
    When µTP is used by e.g. your client xcyz then it's easy to track a user, because it uses as a fallback the UDP protocol - this means traffic and source spoofing would be possible. It's often used in DOS attacks. Time or bitrate doesn't matter, since there is a grey-zone .. you could say that you wasn't behind when it downloaded it e.g. on the night and it's difficult to prove that you lie since you have no control about your router when you 'sleep'. Known technique to say when you get an warning from your ISP/RIA/..

    The thing is that (to stay on the topic) Netflix not use P2P, it uses a home-cooked protocol which more acts like a CDN. More details here.
     
Loading...