http://emergentchaos.com/archives/2008/06/not-quite-clear-on-the-subject.html The Emergent Chaos Jazz Combo Mon, 15 Mar 2010 15:02:09 +0000 http://wordpress.org/?v=2.9.2 hourly 1 http://emergentchaos.com/archives/2008/06/not-quite-clear-on-the-subject.html/comment-page-1#comment-4796 mordaxus Sat, 28 Jun 2008 04:13:14 +0000 http://emergentchaos.com/?p=2807#comment-4796 re; fishbane It helps, but it is unlikely to defeat it. It depends a lot on the size of the pages, their layout, and the degree of padding with respect to overlap. Imagine for example that you have a landing page and three pages underneath it. If the three pages are 100, 200, and 300 bytes long, it's easy to create doubt about the middle one with respect to the two ends, but harder with the two ends. It is also very hard to disguise the largest one for anything other than it is. If you download a 357 byte page, it's easy for me to guess which it is. The same if you download a 189 byte page. If you download a 214 byte page, you have more cover, but my smart bet is still on the middle one, and in any event, I know it's not the big one. If those three pages are 1MB, 2MB, and 3MB, it's even harder. (If they are songs, the likelihood they'll be big is much greater, and that's what the adversary wants to know, anyway. If you downloaded a whole album, the collection of sizes in a sequence would be much harder to disguise.) You can do other things like download the album tracks in random order, but this is still just a variant of the CDDB problem. The problem is that fuzzing is much harder to do than detecting. re; fishbane
It helps, but it is unlikely to defeat it. It depends a lot on the size of the pages, their layout, and the degree of padding with respect to overlap.
Imagine for example that you have a landing page and three pages underneath it. If the three pages are 100, 200, and 300 bytes long, it’s easy to create doubt about the middle one with respect to the two ends, but harder with the two ends. It is also very hard to disguise the largest one for anything other than it is. If you download a 357 byte page, it’s easy for me to guess which it is. The same if you download a 189 byte page. If you download a 214 byte page, you have more cover, but my smart bet is still on the middle one, and in any event, I know it’s not the big one.
If those three pages are 1MB, 2MB, and 3MB, it’s even harder. (If they are songs, the likelihood they’ll be big is much greater, and that’s what the adversary wants to know, anyway. If you downloaded a whole album, the collection of sizes in a sequence would be much harder to disguise.)
You can do other things like download the album tracks in random order, but this is still just a variant of the CDDB problem. The problem is that fuzzing is much harder to do than detecting.

]]> http://emergentchaos.com/archives/2008/06/not-quite-clear-on-the-subject.html/comment-page-1#comment-4795 fishbane Thu, 26 Jun 2008 14:27:57 +0000 http://emergentchaos.com/?p=2807#comment-4795 As far as detecting pages by size, couldn't adding variable random "padding" in an HTML comment or similar defeat this? As far as detecting pages by size, couldn’t adding variable random “padding” in an HTML comment or similar defeat this?

]]> http://emergentchaos.com/archives/2008/06/not-quite-clear-on-the-subject.html/comment-page-1#comment-4794 Nathaniel H. Wed, 25 Jun 2008 10:48:44 +0000 http://emergentchaos.com/?p=2807#comment-4794 There's an article on The Inquirer today (link: <a href="http://www.theinquirer.net/gb/inquirer/news/2008/06/25/torrent-site-encrypts-piracy)" rel="nofollow">http://www.theinquirer.net/gb/inquirer/news/2008/06/25/torrent-site-encrypts-piracy)</a> that also mentions that The Pirate Bay (TPB) will be adding VPN functionality as well. This is something I didn't see in previous articles. It still does not increase the anonymity to any great degree. Perhaps it is only a matter of time until TPB embraces Tor or something similar. That still isn't a fool proof solution to the issue. Perhaps there are some protections to encrypted content in the Swedish law? There’s an article on The Inquirer today (link: http://www.theinquirer.net/gb/inquirer/news/2008/06/25/torrent-site-encrypts-piracy) that also mentions that The Pirate Bay (TPB) will be adding VPN functionality as well. This is something I didn’t see in previous articles. It still does not increase the anonymity to any great degree. Perhaps it is only a matter of time until TPB embraces Tor or something similar. That still isn’t a fool proof solution to the issue.
Perhaps there are some protections to encrypted content in the Swedish law?

]]> http://emergentchaos.com/archives/2008/06/not-quite-clear-on-the-subject.html/comment-page-1#comment-4793 deadmoo Wed, 25 Jun 2008 10:46:34 +0000 http://emergentchaos.com/?p=2807#comment-4793 I saw on slashdot that TPB is using self-signed certificates. If that is true, it is even more useless. I saw on slashdot that TPB is using self-signed certificates. If that is true, it is even more useless.

]]>