Reverse StumbleUpon.
Interesting concept but surely it would contribute needlessly to any data cap that you might have from your ISP? Seems a bit of a waste of resources to me.
There is no way to disguise traffic without deviating from maximally efficient network behavior (since âmaximally efficientâ means only transferring what you want transferred and having your packets take the most efficient path, both of which make it about as easy as it can be to see what you are doing and who is doing what). Itâs the same issue that TOR runs into: âonion routingâ is a deliberately perverse behavior (by networking standards) that introduces considerable latency and consumes bandwidth across additional links; but there is no more efficient method that still cloaks the user.
Whether it is a âwasteâ or not depends on whether you value what it does. Bandwidth spent obfuscating traffic, if you want obfuscated traffic, is as valid as bandwidth spent downloading files, if you want those files.
I never liked this type of obfuscation.
First of all itâs creating background traffic, which might not be much, but itâs there. Also data caps as someone mentions above.
Second, and most importantly, it gives possible interpretations to that fake data. Imagine there is an specific combination of sites that the dataminers assume to match a type of sexuality, religion, etc. Sure, your profile will be false, but it wonât be considered useless: Whoever is spying on you will take it literally because they donât know better, and will add preferences based on the fake data, instead of the opposite. For the better or for the worse.
Itâs like when you have your youtube suggestions based on what you actually watch, and then someone sends you a nyancat video, you open it, and suddenly your suggestions keep suggesting more nyancat or internet memes like it. Datamining seems to be additive in what it contains, itâll just add new stuff without bothering to check for conflicts, apparently.
Imagine your profile is exactly the same as before, except with random changes based on someone elseâs ideology. Imagine you are labeled as the wrong sexual orientation, political ideology, religion, etc. Imagine an employer buys access to that profile and discriminates you based on wrong data.
My biggest concern would be the difficulty of creating convincing simulated traffic against a sophisticated adversary with access to all traffic.
In particular, the inclusion of a âdefaultâ seed list seems very problematic. Iâd be inclined to not include one (because if the default appears to be working, nobody ever bothers changing it). Ideally, a little wizard (say, something with a copy of a spell-check dictionary that does a bunch of web searches and provides the user with a set of domain names, that they can optionally edit) to autopopulate the list would be nice; but even forced-manual would be an improvement.
Ironically, Chrome only. I mean, he could have made it for a browser not made by GoogleâŚ
Is that a hard requirement, or do de-Googled, but otherwise similar, Chromium-based browsers work?
A hard requirement would be foolish; but getting a defanged version of Chrome isnât exactly difficult.
Hmm, the plugin leads off talking about âAdvertisers and government agenciesâ - color me skeptical.
Agree w/ weissritter that this sort of âchaffâ really just raises surface area for false positives. Say youâre searching for backpacks and the background browser does a search for pressure cookers, for exampleâŚ
Beyond that, if tools like XKeyscore work as stream filters as the leaked docs imply, then once you get targeted, you donât really get much protection at all as finer-grained filters are applied (say at a site or keyword level).
For third party commercial third party datamining, it seems like Disconnect would be fine, or using private browsing for things that you donât want first parties to track. If you want more privacy you could combine that with VPNs and TOR (this of course, doesnât work against state actors - thatâll just get you flagged for extra scrutiny and as soon as anything leaks youâre hosed).
I assume it will work with Chromium. There is no reason why it wouldnât.
It would be more in line with their ideals to use Firefox though.
Ideologically that is probably true; but (just another little detail that makes their problem more difficult), determining which browser somebody is using by examining traffic on the wire or getting logs from a cooperative host is generally not that difficult.
By default, the browser will send an honest UA string, in the clear, with all sorts of requests. Even if you configure the browser to lie, individual sites often sniff more carefully (so they know what ghastly javascript tricks will or wonât work, etc.), sometimes with different resources requested from the server depending on the result.
Unless the system is to be trivially obvious, it is probably necessary to have the spoofed traffic generated by the same browser that the user typically uses for real activity.
I donât know how the stats are these days, so I donât know if Chrome is the best starting point or not; but if you want it to have a chance of working, supporting just one browser, any one, is going to be an issue (and letâs not even think about mobile browsers, which are power/data constrained, sometimes locked down, and should be easy to correlate with subscriber data provided by the notoriously privacy friendly Cell companies. People donât necessarily do most of their browsing on phones; because itâs unpleasant; but they often hit authenticated services from both phone and PC). It is not an easy problem.
I was thinking the same thing, do security minded people still use Chrome?
Chrome has very good security, actually. I just prefer an open source project and Mozilla is run by a non-profit foundation.
(Disclosure: I work for the Mozilla Corporation.)
Since the type of background browsing this plugin does is configurable, there is no chance a malicious agency could use it on a target, someone who isnât tech savvy, the kind of person with a dozen random toolbars installed,for example, to give them a false profile for browsing terrorist related or illegal content?
Or am I just being super paranoid?
AFAIK it wonât work. Given a long enough history itâs easy to filter out the noise from the signal. At least thatâs what I was told by security experts when suggesting similar techniques to hide other data. A quick google brings up this paper.
Iâm sure thereâs more but basically I was told itâs security 101 that adding random noise will not hide the data.
The Kargupta paper is nicely general, but the amount of noise they add is not enormous: they note that for SNR << 1 the method doesnât do that well.
A more directly relevant paper is
http://www.informatica.si/PDF/34-2/14_Pozenel%20-%20Separating%20Interleaved%20HTTP%20Sessions.pdf
which shows how to disambiguate interleaved clickstreams using Markov models. This looks harder to spoof: if there is no link from a page on site A to site B and vice versa, then a sequence A1 B1 A2 B2⌠is pretty easy to separate. Same thing for parts of a site that rarely have transitions between each other. However, this method has problems when users can jump into a site at nearly any point (hard to tell where a session starts) and when sessions overlap in the sequence.
So my suggestion for the plugin is to have the option of using URLs in the current browsing history to create more overlapping clickstreams, and maybe find a few more ways of jumping straight into sites (googling some keywords gleaned from past pages and then jumping?)
I think because the extension clicks on the actual links in the page, the method described in Pozenel et al. wonât work.
But can I get a plugin to automatically connect me through seven proxies?
Yes, but by tending towards the more popular websites, all it does is make your browsing history more average than it was. And thatâs the same as not knowing anything about you.
Why? Because if they didnât know anything about you, they would assume you were average.
Imagine the nyancat video were trending, and everyone was clicking on it. In the absence of any information, YouTube would have to assume you liked nyancat. If you get annoyed at it because itâs not as relevant to you, that actually means that you secretly like the fact that YouTube is knows enough about you to show you videos about makers, or about backpacks and pressure cookers, or whatever it is you tend to search for, and not show you nyancat videos.
If you donât actually like that fact, then you can install this and, sure, youâll start seeing more ads for beer and football. But thatâs exactly what you would have been seeing in the absence of other information.
Unless it downloads movies, youâre unlikely to hit any reasonable* data-cap using this.
- yeah, okay. Poor choice of word. No data-cap is reasonable.
