Randomize non-pipelined requests to defend against traffic fingerprinting

changed milestone to %TorBrowserBundle 2.3.x-stable

added MikePerry201204 actualpoints::12 component::firefox patch issues milestone::TorBrowserBundle 2.3.x-stable owner::mikeperry parent::7027 points::4 priority::high resolution::fixed severity::normal status::closed tbb-no-uplift type::defect labels

Trac:
randomized-fetch-order.patch

Patch by Martin Henze

Trac:
Status: new to needs_review

Trac:
Cc: N/A to g.koppen@jondos.de

Trac:
Keywords: N/A deleted, MikePerry201203 added

SPDY just landed in Firefox 11. We probably want to look into that code during the review here.

Trac:
Keywords: MikePerry201203 deleted, MikePerry201204 added

Ok, this is all set and merged. I had to alter the patch a bit to ensure request randomization. I also pinged Henze and Panchenko with the updated version.

I also looked into the SPDY spec briefly. It has the ability to store arbitrary state in the browser.. We'll want to neuter that, as well as reduce its insanely long keepalive duration. I have not put deep thought into how to do request randomization or stream limiting in spdy, though (or if it is really beneficial anymore in the face of the ultra-efficient request pipelining).

Trac:
Points: N/A to 4
Resolution: N/A to fixed
Status: needs_review to closed
Actualpoints: N/A to 12

Trac:
Parent: N/A to #7027 (moved)

Trac:
Sponsor: N/A to N/A
Severity: N/A to Blocker
Reviewer: N/A to N/A
Keywords: N/A deleted, tbb-no-uplift added

Trac:
Severity: Blocker to Normal

closed

changed time estimate to 32h

added 96h of time spent

mentioned in issue #5404 (closed)

mentioned in issue #6092 (closed)

mentioned in issue #12620 (moved)

mentioned in issue #22415 (moved)

mentioned in issue tpo/applications/tor-browser#22415 (closed)

Randomize non-pipelined requests to defend against traffic fingerprinting

Child items ...

Activity