On 8/10/2020 11:49 PM, Christian Huitema wrote:
> On 8/10/2020 11:14 PM, Rob Sayre wrote:
>> On Mon, Aug 10, 2020 at 10:58 PM Peter Gutmann
>> <pgut...@cs.auckland.ac.nz> wrote:
>>
>> Rob Sayre <say...@gmail.com> writes:
>>
>> >Do you think this fingerprinting will work with the newer ECH
>> >design, if the
>> >client can add arbitrary content to the encrypted payload?
>>
>> ECH doesn't have any effect on web site fingerprinting so unless I've
>> misunderstood your question the answer would be "N/A".
>>
>>
>> Assuming the definition here:
>> https://tools.ietf.org/html/draft-wood-pearg-website-fingerprinting-00
>>
>> it does seem like ECH would make this more difficult, at least for
>> pages in a large anonymity set. (agree that it won't matter much for
>> Twitter, Google, et al)
>
>
> Defeating fingerprinting is really hard. It has been tried in the
> past, as in "make me look like Skype" or "make me look like
> wikipedia". The idea is to build a target model, then inject enough
> noise and padding in your traffic to match the target model. But that
> is way easier to say than to do!
>
There is also the question of what the anonymity set is. I just did a little experiment of resolving 25000 domain names and looking at how many resolved to the same IP address (https://huitema.wordpress.com/2020/08/09/can-internet-services-hide-in-crowds/). And then I redid the stats with 50000 domain names. Did not find a lot of crowds. 75% of domain names in my sample resolve to their very own address, not shared with anybody. Only 8% resolved to addresses shared by 10 sites or more, and 1.3% resolved to addresses shared by 100 sites or more. Of course, 1% of the Internet is already something big. But still, not quite the whole world...

-- 
Christian Huitema
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
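The crowd statistics described in the message above (share of domains alone on their address, share in crowds of 10 or more, share in crowds of 100 or more), computed over a constructed domain-to-address sample. This is an added example, not code from the thread or from the linked blog post; the sample data, the one-address-per-domain simplification and the function names are assumptions made here.

```python
from collections import Counter

def build_sample():
    """Constructed resolution data (not the thread's measurements): a map from
    domain name to the single IPv4 address it resolved to. Domains that resolve
    to several addresses are reduced to one record; that is an assumption."""
    sample = {}
    # 60 domains that each sit alone on their own address
    for i in range(60):
        sample[f"alone{i}.example"] = f"198.51.100.{i + 1}"
    # a crowd of 10 behind one shared address, a crowd of 30 behind another,
    # and a crowd of 100 behind a third (think of a shared hosting or CDN front end)
    for size, addr in ((10, "203.0.113.10"), (30, "203.0.113.30"),
                       (100, "203.0.113.100")):
        for i in range(size):
            sample[f"crowd{size}-{i}.example"] = addr
    return sample

def crowd_sizes(resolutions):
    """For each domain, the number of sampled domains (itself included) that
    resolved to the same address. A crowd of 1 means encrypting the SNI hides
    nothing from an observer who sees the destination address: the name is
    implied by the IP."""
    per_addr = Counter(resolutions.values())
    return {domain: per_addr[addr] for domain, addr in resolutions.items()}

def crowd_stats(resolutions, thresholds=(10, 100)):
    """Fraction of domains alone on their address, and fraction whose crowd is
    at least each threshold: the three figures quoted in the thread."""
    sizes = crowd_sizes(resolutions)
    n = len(sizes)
    stats = {"alone": sum(1 for s in sizes.values() if s == 1) / n}
    for t in thresholds:
        stats[f">={t}"] = sum(1 for s in sizes.values() if s >= t) / n
    return stats

if __name__ == "__main__":
    for key, value in crowd_stats(build_sample()).items():
        print(f"{key:>6}: {value:.1%}")
```

Replace build_sample() with a map built from real A-record lookups to reproduce the experiment on your own list of names.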