Publications about tracking and spying technologies

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
(Certified Lies)
(Remote physical device fingerprinting by TCP timestamps)
Line 20: Line 20:
  
 
Download: [https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl EFF.org] ([https://anonymous-proxy-servers.net/paper/ssl-mitm.pdf local copy]) 630 kB, 19 pages  English, released 2010-April
 
Download: [https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl EFF.org] ([https://anonymous-proxy-servers.net/paper/ssl-mitm.pdf local copy]) 630 kB, 19 pages  English, released 2010-April
 +
 +
=== Remote physical device fingerprinting by TCP timestamps ===
 +
''Abstract:'' The paper introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation. Example applications include: computer forensics, tracking (with some probability), counting the number of devices behind a NAT even when the devices use constant or random IP IDs and unanonymizing anonymized network traces.
 +
 +
Download: [http://www.cs.washington.edu/homes/yoshi/papers/PDF/ CAIDE, UC San Diego] ([https://anonymous-proxy-servers.net/paper/fingerprinting-by-tcp-timestamps.pdf local copy]) 700 KB, 15 pages  English, released 2005

Revision as of 15:09, 23 January 2012

En2.png De2.png


Contents

Publications about tracking and spying technologies

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices

Abstract: Anytime you travel internationally, especially into the USA, you risk a broad, invasive search of your laptop, phone, and other digital devices – including the copying of your data and seizing of your property for an indefinite time. To help travelers protect themselves and their private information during the busy holiday travel period, the Electronic Frontier Foundation (EFF) released a report with important guidance for safeguarding your personal data at the U.S border. Use a second mobile phone without any personal data inside, and remove any sensitive data from your laptop. Encryption is not a good and sufficient idea, as it usually results in pasword request, and theft of the device if you refuse to reveal the password.

Download: EFF.org (local copy) 1/2 MiB PDF, 24 pages, English, released 2011-December

Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning

Abstract: In this followup study, we reassess the Flash cookies landscape and examine a new tracking vector, HTML5 local storage and Cache-Cookies via ETags. We found over 5,600 standard HTTP cookies on popular sites, over 4,900 were from third parties. Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites. Seventeen sites were using HTML5, and seven of those sites had HTML5 local storage and HTTP cookies with matching values. Flash cookies were present on 37 of the top 100 sites. We found two sites that were respawning cookies, including one site – hulu.com – where both Flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used ETags, and is capable of unique tracking even where all cookies are blocked by the user and “Private Browsing Mode” is enabled.

Download (released 2011): Social Science Research Network (local copy) 1.7 MiB PDF

Certified Lies - Detecting and Defeating Gouvernment Interception Attacks against SSL

Abstract: C. Soghoian and S. Stamm introduced a new attack, the compelled certificate creation attack, in which government agencies compel a certificate au- thority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals’ secure Web-based communications. They reveal alarming evidence that suggests that this attack is in active use.

Download: EFF.org (local copy) 630 kB, 19 pages English, released 2010-April

Remote physical device fingerprinting by TCP timestamps

Abstract: The paper introduce the area of remote physical device fingerprinting, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation. Example applications include: computer forensics, tracking (with some probability), counting the number of devices behind a NAT even when the devices use constant or random IP IDs and unanonymizing anonymized network traces.

Download: CAIDE, UC San Diego (local copy) 700 KB, 15 pages English, released 2005

Personal tools