Hacker News new | ask | show | jobs
by bnegreve 2708 days ago
> Regimes like egypt/syria can track people who try install tor and they can cherry-pick block repos based on package name.

They say https would not add privacy in this context because the package size (almost) uniquely determine the package name. Why is this invalid?
2 comments
rocqua 2708 days ago
You can block based on a name because you see the name before the package is sent.

You can't block based on package length, because you need to let the entire update through before you know the length. At that point, it's too late to block. Buffering the entire message doesn't work because TCP expects ACKs.

link
toast0 2708 days ago
A) you can buffer and send acks to the server and then trickle the data to the client

B) in the interest of memory usage, you could not buffer, and send selective acks to the server -- once you decide to allow it, stop blocking the first data packet, and let the client ack that without the sack and let the server retransmit.

c) b, but for network efficiency, actually let the client receive all packets but the first, and sack them itself --- then when you do allow the first packet, the rest of the packets won't need to be retransmitted.

link
rocqua 2708 days ago
Ah, I confused the hierarchy between TLS and TCP. I thought the acks were protected by TLS, but they are not.

There are still timeout issues with the buffering, but it is a lot weaker defense.

link
gnulinux 2708 days ago
You can just buffer one packet and reject it if you want at the end.
link
rocqua 2708 days ago
That'd pop up a mention of 'failed update' whereas in plaintext you can simply refuse to provide any packages.
link
gnulinux 2708 days ago
That doesn't make sense? If you have the capability to refuse all http packages, you can still refuse all https packages coming from debian. My comment was for refusing specific packages in https. Buffer the first package and ack. Then wait the rest, count the bytes. If bytes == N then I know this person is downloading tor, refuse the first package such that they can never download tor.
link
rocqua 2707 days ago
At that point, the client has initiated a specific update or install that fails. This is different from simply censoring the existence of a package.
link
onion-soup 2708 days ago
"Why do you need a speedometer when you can just calculate your current speed using tachometer, odometer and time, it's real simple man"
link
AstralStorm 2707 days ago
It is. You want to download Tor in some hard to track way, you probably shouldn't use an easily trackable source. There are better options including getting sent an email and torrents.

And given the scope of the attacker, fingerprinting by size and server is trivial so easily https adds nothing related to anonymity nor security.

link
bnegreve 2707 days ago
Ok, fair enough.
link