[Wikimedia-l] Disinformation regarding perfect forward secrecy for HTTPS

Ryan Lane rlane at wikimedia.org
Fri Aug 2 05:07:03 UTC 2013


On Thursday, August 1, 2013, James Salsman wrote:

> Ryan Lane wrote:
> >...
> > Assuming traffic analysis can be used to determine your browsing
> > habits as they are occurring (which is likely not terribly hard for
> > Wikipedia)
>
> The Google Maps example you linked to works by building a huge
> database of the exact byte sizes of satellite image tiles. Are you
> suggesting that we could fingerprint articles by their sizes and/or
> the sizes of the images they load?
>

Of course. They can easily crawl us, and we provide everything for
download. Unlike sites like Facebook or Google, our content is delivered
exactly the same to nearly every user.

> But if so, in your tweet you said padding wouldn't help. But padding
> would completely obliterate that size information, wouldn't it?
>

Only Opera has pipelining enabled, so resource requests are serial. Also,
our resources are delivered from a number of URLs (upload, bits, text)
making it easier to identify resources. Even with padding you can take the
relative size of resources being delivered, and the order of those sizes
and get a pretty good idea of the article being viewed. If there's enough
data you may be able to identify multiple articles and see if the
subsequent article is a link from the previous article, making guesses more
accurate. It only takes a single accurate guess for an edit to identify an
editor and see their entire edit history.

Proper support of pipelining in browsers or multiplexing in protocols like
SPDY would help this situation. There are probably a number of things we can
do to improve the situation without pipelining or newer protocols, and
we'll likely put some effort into this front. I think this takes priority
over PFS as PFS isn't helpful if decryption isn't necessary to track
browsing habits.

Of course the highest priority is simply to enable HTTPS by default, as it
forces the use of traffic analysis or decryption, which is likely a high
enough bar to hinder tracking efforts for a while.

- Ryan
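
Added example, not part of the original message: a toy measurement of the point made above, that with serial requests per-resource padding still leaves the order and relative sizes of resources visible, while multiplexing hides more. The corpus, page names and sizes are constructed, and modelling multiplexing as revealing only the padded total is a simplifying assumption.

```python
from collections import defaultdict

# Constructed corpus: page name -> resource sizes in bytes, in load order.
# All names and sizes are invented for illustration.
CORPUS = {
    "page_a": [41200, 18300, 7400],
    "page_b": [41500, 18200, 7300],
    "page_c": [18300, 41200, 7400],
    "page_d": [66100, 1000],
    "page_e": [120000, 5000],
    "page_f": [5000, 120000],
}

def pad(size, block):
    """Round size up to the next multiple of block (block=1 means no padding)."""
    return -(-size // block) * block

def serial_view(sizes, block):
    """Serial requests: each resource's padded size is visible, in order."""
    return tuple(pad(s, block) for s in sizes)

def multiplexed_view(sizes, block):
    """Assumed model of multiplexing: only the padded total is visible."""
    return (pad(sum(sizes), block),)

def anonymity_sets(corpus, view, block):
    """Group pages that look identical on the wire under the given view."""
    groups = defaultdict(list)
    for page, sizes in corpus.items():
        groups[view(sizes, block)].append(page)
    return sorted(sorted(g) for g in groups.values())

def uniquely_identifiable(corpus, view, block):
    """Pages whose on-the-wire view is shared with no other page."""
    return [g[0] for g in anonymity_sets(corpus, view, block) if len(g) == 1]

if __name__ == "__main__":
    for label, view, block in [
        ("serial, no padding", serial_view, 1),
        ("serial, 1 KiB padding", serial_view, 1024),
        ("multiplexed, no padding", multiplexed_view, 1),
        ("multiplexed, 1 KiB padding", multiplexed_view, 1024),
    ]:
        sets = anonymity_sets(CORPUS, view, block)
        unique = uniquely_identifiable(CORPUS, view, block)
        print(f"{label:28} sets={sets} unique={unique}")
```

A site operator can run the same grouping over real resource sizes to see how large the anonymity sets become under a candidate padding block size before deploying it.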

