14/10/12 14:28, intrigeri wrote:
> Hi,
>
> Ague Mill wrote (01 Oct 2012 09:27:09 GMT) :
>> I think the overhead of not using '--head' and doing a full GET
>> would be marginal. It would make it at least a little bit harder to
>> distinguish from other requests.
>
> Fully agreed: this would make Tails' htpdate harder to distinguish
> from the TBB at the level of a single request / access.log line,
> and only stand out in aggregate.

OTOH it becomes easier to fingerprint Tails users on their side of the
pipe, which arguably is worse. Three *full* fetches of known web sites
are *much* more distinguishable than three header fetches of known web
sites, so Tails' startup traffic flow then becomes a distinctive
pattern to look for. Think "Bayesian classifiers" which was all the
rage a year or two ago.

The fact that Tails' current htpdate should be (relatively) safe from
fingerprinting since it only fetches headers is already documented
here: contribute/design/Time_syncing/#index5h1.

Slightly off-topic: Reading the above design doc made me think about
how recent changes in Tails may have affected it. Since the
introduction of stream isolation (Tails 0.14~rc1), htpdate (and other
Tails-specific applications) uses a SocksPort with IsolateDestAddr, so
no circuit sharing occurs between fetches. Will this make htpdate
fingerprinting even easier when combined with full fetches?

* *Without* circuit sharing I imagine that the eavesdropper only has
  to measure the traffic flow of a full fetch for each individual pool
  member and store this info for future comparisons (when an IP
  address shows three of these flows, it's a Tails user with large
  probability).

* *With* circuit sharing the eavesdropper would need to measure the
  traffic flow of fetching all combinations of three pool members
  instead. Hmm. On second thought I suppose it's easy to take the
  individual measurements from the previous point and create all
  combinations of three from them...

Well, I don't feel convinced by my own argument for stream isolation
being an issue for htpdate + full fetches, but let me just throw this
thought out there for others to ponder upon to be sure.

However, I do get the impression that stream isolation => loss of
circuit sharing may make htpdate easier to fingerprint in general.
Full fetch or not, each boot resulting in three different circuits
being used simultaneously seems more distinguishable than each boot
resulting in just a single circuit being used. OTOH, I'm a bit unsure
whether Tor guarantees that simultaneous fetches must share the same
circuit when stream isolation isn't used. If there's no such guarantee,
then we obviously shouldn't base our assumptions on it.

Cheers!