[Cryptography] IAB Statement on Internet Confidentiality
Andreas Briese
ab at bri-c.de
Tue Nov 18 05:24:15 EST 2014
Meanwhile - even if a little bit off topic - a different approach is to hide the topic
of interest by requesting the whole web-content under header i.e. „politics“ or „health“.
I’ve done so here: http://newscleaner.net using a customized chrome browser that skips loading
the linked in (advertiser network) javascript that do user-profiling (http://newsreadsus.okfn.de/
https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf) as a surplus.
Andreas
Am 18.11.2014 um 11:06 schrieb Stephen Farrell <stephen.farrell at cs.tcd.ie>:
>
>
> On 17/11/14 20:59, Andreas Briese wrote:
>>>>
>>>> For example, traffic to https://firstlook.org/theintercept/
>>>> is encrypted, but even a passive observer can tell
>>>> what articles I've read, just by looking at the file
>>>> sizes.
>>>>
>> Do’nt know, if the example is valid here, since encryption says nothing
>> about traffic size. The interesting equation would be, if your IP
>> calling the site will be protected by standard or not, and if all nodes
>> between you and the site need to know about you calling for an article.
>
> Both HTTP/2 and TLS1.3 are looking at including traffic
> padding mechanisms. I've not checked the latest drafts
> for those but I think they should allow implementations
> in future to do better at this issue.
>
> S.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141118/3989b300/attachment.html>
More information about the cryptography
mailing list