HTTPS is not enough: boffins fingerprint user environments without cracking crypto

[steven36]

Comms patterns ID OS, browser and application

 

 

Encryption might hide important content from prying eyes, but a group of Israeli researchers has found that HTTPS traffic alone can fingerprint a user's operating system, browser, and application.

 

With a big enough learning set, they write, they were able to identify users' environments with 96.06 per cent accuracy.

 

In their paper at Arxiv, the group – from Ariel University and the Ben-Gurion University of the Negev – show that the characteristics of communication traffic (timing, flows in both directions, variations in packet size and the like) are distinctive enough to create the fingerprint.

 

It's not only passing spooks that will take an interest in such identification: “A passive adversary may also collect statistics about groups of users for improving their marketing strategy. In addition, an attacker may use tuples statistics for identifying a specific person”, the researchers write.

 

The information would also help someone targeting an attack, since eavesdroppers (for example, someone sucking traffic out of a public Wi-Fi hotspot) “can easily leverage the information about the user to fit an optimal attack vector”.

 

The operating systems the researchers tested were Windows, Linux (Ubuntu) and OSX; they tested the Chrome, IE, Firefox and Safari browsers; and the applications in the dataset included Facebook and Twitter.

Connection behaviour had already been used to identify Skype and other VoIP conversations in spite of encryption, but that didn't reach all the way to the underlying operating system, the paper says.

 

The researchers have published their dataset here for others to test.

 

The Source

[sshr]

seems interesting. great idea!

[straycat19]

To repeat what I have previously stated, anything made by man can be exploited by man.  If you are on the internet expect some, if not all, of your privacy to be not private.  No one really knows the capabilities of government agencies to capture individuals information.  GCHQ and the London Police seem to be doing a better job than the NSA or FBI, or maybe it is they are just more forthcoming with their results.

[steven36]

7 hours ago, straycat19 said:

To repeat what I have previously stated, anything made by man can be exploited by man.  If you are on the internet expect some, if not all, of your privacy to be not private.  No one really knows the capabilities of government agencies to capture individuals information.  GCHQ and the London Police seem to be doing a better job than the NSA or FBI, or maybe it is they are just more forthcoming with their results.

Steve Wozniak said it best about back doors  made for or by the government.

 

Quote

 

All through my time with personal computers from the start, I developed an attitude that things like movement towards newer, better technologies - like the Macintosh computer, like the touchscreen of the iPhone - that these were making the human more important than the technology. We did not have to modify our ways of living. So the human became very important to me. And how do you represent what humanity is?

 

You know what, I have things in my head, some very special people in my life that I don't talk about, that mean so much to me from the past. Those little things that I keep in my head are my little secrets. It's a part of my important world, my whole essence of my being. I also believe in honesty. If you tell somebody, "I am not snooping on you," or, "I am giving you some level of privacy; I will not look in your drawers," then you should keep your word and be honest. And I always try to avoid being a snoop myself, and it's rare in time that we can look back and say, "How should humans be treated?" Not, "How can the police run everything?"

 

I was brought up in a time when communist Russia under Stalin was thought to be, everybody is spied on, everybody is looked into, every little thing can get you secretly thrown into prison. And, no. We had our Bill of Rights. And it's just dear to me. The Bill of Rights says some bad people won't do certain bad things because we're protecting humans to live as humans.

 

So, I come from the side of personal liberties. But there are also other problems. Twice in my life I wrote things that could have been viruses. I threw away every bit of source code. I just got a chill inside. These are dangerous, dangerous things, and if some code gets written in an Apple product that lets people in, bad people are going to find their way to it, very likely.

https://www.reddit.com/r/IAmA/comments/4apj5f/im_apple_cofounder_steve_wozniak_ask_me_anything/

 

 

 

 

 

When you  have backdoors  that can be exploited  its just a matter of time  tell its used by the bad guys  and backfires in all there faces . Holes in things are security risk regardless if done intentional  or it was just  unintentional and there all along . You may  get a thrill  out of  the cops weakening our security.. but when something bad happens because of it you're going to be eating crow . its just like when the A bomb was  made back in world war 2 they were all  in a race to make it  and the USA were the 1st to  succeed  and the only ones to ever use it so far .  but  the Manhattan project leaked  and most countries  friendly and not  friendly have there  own nukes and its a serious  problem .  .By allowing one country to have unlimited access to personal info is very dangerous  before you know it people you  dont want will have  it.

 

This is why i never use my real full name on the internet  since like 2006 . even to order stuff  i  get someone else on my network  to order it in there name..  and just give them cash for doing it 

 

I seen back in the 1st decade of the 21st century  to many people who got exposed  by just being  careless  and putting there personal info out there . If people  that's not Government can expose people so easy . imagine  how easy it must be for Governments . And most of it comes from pure carelessness and trusting you're personal info  over the open airways .