On Jul 31, 2013, at 3:12 PM, Magnus Manske magnusmanske@googlemail.com wrote:
There was the lofty notion of including all images, CSS/JS/whatnot as CDATA elements in the page itself, for browsers that support it. That would get around the one issue, but still allow size-based fingerprinting, especially since most users will follow links within the site, so the search space gets much smaller. Random package size increase, as mentioned, might help there.
This is part of why support and rapid adoption of protocols that allow for multiplexing (SPDY/HTTP2.0) are important - they would make the fingerprinting process significantly more difficult.
--Ken.