Ask HN: Generate random traffic for metadata obfuscation?
I remember some time ago a scare of meta data or something similar being leaked and specific peoples traffic being available (not security background so sorry if that doesn't even make sense), was just wondering if there were any scripts to randomly send requests to accumulate random meta data and obfuscate your real traffic?
18 comments
[ 3.8 ms ] story [ 12.2 ms ] threadYou would need chaff deliberately constructed to look a bit like non-random social network/communication data; that's kind of a research project, and its going to be hard to guarantee it is working in the face of unknown statistical attack.
In general, privacy by obfuscation is an idea that privacy researchers have been considering. Other than TrackMeNot, however, I haven't seen many real-world applications.
As a crude example, feed the browsing histories of many "typical" users into a Markov chain and do random walks during typical browsing hours.
You could even use that as a purchasing advantage. "Well, I'm interested in knowing what a gamer would buy in this situation. So, I'm going to use a 23 year old gamer geek profile." or "I wonder what you would buy a photographer for Christmas.." then you just seed it with photographer data and let it suggest you things then you pick something haha
Tor does not protect you against the NSA - or, against, say CMU with a million in funding - but it's both fairly practical and a good first step towards a complete solution.
It kind of reminded me of the old Asynchronous Transfer Mode protocol, with its cells.
Aqua: http://conferences.sigcomm.org/sigcomm/2013/papers/sigcomm/p...
Dissent: http://bford.info/pub/net/panopticon-cacm.pdf
Of particular interest to your question are the threat models.
marionette [2] enables control over what protocol it looks like you're using and duration of connections generated, amount of data sent per connection, etc.
[1] https://fteproxy.org/ [2] https://github.com/marionette-tg/marionette