Ask HN: Generate random traffic for metadata obfuscation?

44 points by fratlas ↗ HN
I remember some time ago a scare of meta data or something similar being leaked and specific peoples traffic being available (not security background so sorry if that doesn't even make sense), was just wondering if there were any scripts to randomly send requests to accumulate random meta data and obfuscate your real traffic?

18 comments

[ 3.8 ms ] story [ 12.2 ms ] thread
I've given this a good bit of thought; I'm sure its easy to generate plausible deniability, but actually masking relationships is not as simple as it sounds, as an adversary will easily filter out random noise.

You would need chaff deliberately constructed to look a bit like non-random social network/communication data; that's kind of a research project, and its going to be hard to guarantee it is working in the face of unknown statistical attack.

TrackMeNot (http://cs.nyu.edu/trackmenot/) uses this technique to protect against web search tracking.

In general, privacy by obfuscation is an idea that privacy researchers have been considering. Other than TrackMeNot, however, I haven't seen many real-world applications.

Hah, awesome add-on, you can even add your own (language) websites/rss feeds.
Scripts like these can be easily circumvented as browsing habits are not random. Using machine learning or statistical methods, you can filter out the randomness. People can be identified by the unique set of websites they use pretty reliably. (see https://svs.informatik.uni-hamburg.de/publications/2013/2013...) The only way to anonymize yourself using fake traffic is not to generate random traffic but to specifically engineer requests which bring you closer to the global average. How to do this is still an open research question.
Why not generate browsing sessions from the mean?

As a crude example, feed the browsing histories of many "typical" users into a Markov chain and do random walks during typical browsing hours.

Yes, that is a possible approach. The problem is to get browsing histories from typical users. If an anonymity tool needs to gather the user's browser history and share it with others, it kind of defeats the purpose of providing anonymity.
The willfully ignorant "I have nothing to hide" crowd may be a viable source of volunteers.
Even then, they're not going to install am extension just so you can track them.
You could probably get the usage data from companies by offering analytics.
What if you were to train an algorithm for a given user's usage patterns on a website and then project those patterns onto other users? Use machine learning to generate realistic noise seeded with random keyword topics that would span multiple sites. It would appear to anyone watching as if you really did have a certain number of interests, that you don't actually hold. Then superimpose a bunch of fake usage profiles over your actual browsing.
That sounds awesome! "Tonight, I want Google to think that I'm a duck watcher that is interested in skydiving and cooking at low altitudes!" and you just combine your profile to be whatever you want.

You could even use that as a purchasing advantage. "Well, I'm interested in knowing what a gamer would buy in this situation. So, I'm going to use a 23 year old gamer geek profile." or "I wonder what you would buy a photographer for Christmas.." then you just seed it with photographer data and let it suggest you things then you pick something haha

Yes, this is an open question (and a very hard one). As a good first step, just use Tor.

Tor does not protect you against the NSA - or, against, say CMU with a million in funding - but it's both fairly practical and a good first step towards a complete solution.

Set up a Tor Exit node.
I don't know what's happening with this now, but I remember the Pond ( https://www.imperialviolet.org/2013/11/10/pond.html ) project working on something like this. I believe they were trying to do this with encrypted data as opposed to plaintext, but their work might still be interesting. IIRC a big part of it was batching transmissions and introducing a delay, sending 'dummy' data when there was no 'real' data, at regular intervals (to prevent timing/traffic correlation attacks).

It kind of reminded me of the old Asynchronous Transfer Mode protocol, with its cells.

Here's a couple of papers describing metadata resistant anonymity systems that may help you understand how "chaff" traffic can help obfuscate real traffic. It's not as simple as generating random noise because real traffic patterns can be identified with confirmation or intersection attacks.

Aqua: http://conferences.sigcomm.org/sigcomm/2013/papers/sigcomm/p...

Dissent: http://bford.info/pub/net/panopticon-cacm.pdf

Of particular interest to your question are the threat models.

fteproxy [1] can superficially mask the protocol that you're using (e.g., makes Tor look like HTTP) using regular expressions.

marionette [2] enables control over what protocol it looks like you're using and duration of connections generated, amount of data sent per connection, etc.

[1] https://fteproxy.org/ [2] https://github.com/marionette-tg/marionette