back to article Think crypto hides you from spooks on Facebook? THINK AGAIN

Activists just got another reason to worry about what spooks might be able to learn about them, with boffins demonstrating that a decent traffic fingerprint can tell an attacker what's going on, even if an app is defended by encryption. The researchers from the Universities of Padua and Rome have found that for activities like …

  1. Charles 9

    In other words, they can fingerprint you by using the fundamental underpinnings of the Internet. It's like figuring out your activities by skimming your incoming and outgoing post (just the addresses, not the contents). The additional volume of e-traffic makes the profile more robust. And since the endpoints are already known, TOR is useless.

    This is one heck of a side-channel attack because the only way to beat it is to mask the headers, and the only way to do that effectively is to introduce intentional inefficiencies into the Internet.

    1. a53

      Thinking again

      Or just stay off social networking sites ?

      1. This post has been deleted by its author

    2. Pascal Monett Silver badge

      Masking the headers to the routers is not an inefficiency - it's a full stop.

    3. itzman

      Old news..

      Traffic analysis has been used since at least WW1.And was highly used in WW2

      a sudden increase in encrypted traffic? the bastards are planning something, oh its on that frequency, that's command Berlin talking to Rommel.. etc

      The only way to subvert it is to send random length data packets from random addresses irrespective of whether there is anything to be said

      1. Anonymous Coward
        Anonymous Coward

        Re: Old news..

        A store-and-forward network (uucp style) with random timing, random padding, and random routing.

    4. James Micallef Silver badge

      Which makes it all the more important that privacy regulations extend to metadata not just data

    5. Rob 44

      Tor isn't useless. If utilised properly. As part of a range of measures rather than the only measure it's actually quite effective.

  2. Aslan

    The solution

    People have been trying with some success to do this for a while now. Thanks to The Register for keeping us up to date. The solution it would see is simple enough in concept for something like Twitter, Encrypt everything, pad the packets so they look the same, and communicate on preset intervals. IE update Tweets received every 30 seconds for everyone 5 tweets at a time. Those with many tweets could choose to receive 15 every 30 seconds. Always transmit the same amount of data if there's not enough tweets pad the data with encrypted gibberish. Admittedly such a solution would increase costs and decrease battery life, but you did want to live forever, right?

  3. Richard Jones 1
    WTF?

    We Are Talking About Facebook Right?

    Has anyone ever put anything useful let alone interesting on Facebook.

    Surely most users would, if followed by any authority, be more likely to be charged with wasting police, (and everyone else's) time?

    Or is there some magic to knowing what someone you never see bought, had for breakfast, went to see, etc., for the moment consider me totally confused.

  4. AbortRetryFail

    German Tank Problem

    Unless I have missed the point of this article, it's essentially a variation of the German Tank Problem isn't it?

    1. itzman

      Re: German Tank Problem

      Well yes and no.

      In the broadest sense it it is - getting a specific solution from meta-data rather than data.

      But traffic frequency analysis is not the same as counting gearbox serial numbers.

    2. Brewster's Angle Grinder Silver badge

      Re: German Tank Problem

      No. The German tank problem would be estimating the total number of posts when only a few can be seen.

      This is just fingerprinting. The timing of posts to $SocalNetwork in the last $ReasonableTimePeriod are unique. (Even if you've only written one post in the last month, there won't be many single posters who've posted at the exact same second you did.) So if you know when a suspect is sending TCP data, then you can search $SocialNetwork for posts made at the same time. It will be easy to correlate that with one account.

  5. Anonymous Coward
    Anonymous Coward

    How is this practically exploitable? You need to packet capture the traffic from the phone, and also know which Twitter account they're posting to, surely, to associate the phone with the twitter post?

    How do you do that on a 3G network? Unless you already suspect a given Twitter account is associated with a given mobile phone? Have I misunderstood?

  6. lars.r

    Could there be a work around ?

    If I’m understanding the hack correctly.

    The traffic analysis is based on the pattern of services the user accesses online: Doing this thing on this server and that thing on that server. Supplemented with headers and timestamps you get a pretty full picture. Sufficient to identity the user regardless of his sitting behind an encrypted tunnel to a proxy server.

    Padding the traffic with gibberish will no doubt help. But even if you add noise there is still signal. You really did post to twitter and read that bbc news article, even if the “padding” adds a bunch of other stuff, like some online version of the “babble box”.

    What about a hypothetical service that amalgamates the other service? And not just acting as a proxy for them either. It really acts like them as far as the user is concerned. He types in www.hyptectical.org/bbcnew/article.html and he sees the same article as if he had gone straight to www.bbcnews.co.uk/article.html. for static content the functionality could be much like a caching proxy. But for more dynamic stuff the hypothetical service would have application logic and act like the service the user is requesting when he requests it, and the same for others.

    The user submits a request over https containing what the server should do – the logic. It does it and returns the answer/data/whatever. Morphing to fit the requirements the user requests.

    NSA would then lose the information of a pattern of visiting sites. That still leaves timestamps of visiting this morphic site but if would not be known that took place there.

    Adding the babble box functionality and padding headers to fixed length as mentioned above, this could be quite secure.

    This is all speculation of course, but I’m thinking there are avenues worthy of pursuit here.

    1. Anonymous Coward
      Anonymous Coward

      Re: Could there be a work around ?

      So, one server to rule them all? Whose? Yours?

  7. William Boyle

    My philosophy about secrets

    There are no secrets unless only 1 person knows it. There are only "less well-known information". If you want truly secure communication with someone, find a deep, dark hole, both jump in, and then use a "cone of silence"...

  8. Dave 32
    Flame

    Analysis

    How much analysis does it take to determine that a person is posting yet another crazy cat video to a social networking site?

    Dave

  9. Hargrove

    Potential Threat

    The potential threat to citizens at large is grave. The results of this type of data classification are inherently uncertain. This is not always appreciated by the government agencies in their enthusiasm for "actionable intelligence."

    Discussions of the use of these techniques to warn police about perceived intent are the edge of a slippery slope. There may come a day when ordinary citizens will be at serious risk of being taken and detained by those who govern, not because of their actions, but based the results of some data-mining algorithm.

    As for scientific back-up for my assertions on the unreliability of this type of data classification, a Google search for "Tom Fawcett" and "ROC curves" will get you there.

  10. bpfh
    FAIL

    Confused...

    Once again, why bother decrypting the traffic when it will be publicly published at the endpoint ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like