Privacy appears to be essential for Gemini users. A lot of discussions revolve around TLS, TOFU and how to prevent man-in-the-middle (MITM) attacks. There may be other attacks simpler to set up.

Let's take an example: Alice visits Bob's Gemini capsule. Nathan is a young NSA analyst assigned to this emerging Gemini thing. We assume Nathan has access to the TCP stream between Alice and Bob. The stream is TLS-encrypted (with the most recent TLS crypto). What can Nathan do?

Nathan quickly builds a Gemini spider/indexer program and starts collecting for all Gemini sites the accessible files as any user could do. On whether Nathan's spider respects robots.txt, your guess is as good as mine. Nathan finds that Bob's capsule contains 3 files (this is just an example!) which are 1KB, 5KB and 100KB large.

Now Nathan looks at Alice's encrypted traffic with Bob's server. Just looking at the response sizes, Nathan knows what file(s) Alice has accessed and their content (collected during the indexing phase). No crypto, no MITM involved.

Of course, with lots of files in Bob's capsule, the matching is less perfect, but it still leaks lots of information regarding what Alice read. This is easier for Gemini than for HTTPS because Gemini documents are precisely simpler. No keep-alive (or maybe I missed some recent Gemini development?), each file is loaded in its own request-response transaction.

What countermeasures could we propose? I can think of a few more or less practical approaches:

1. make sure the same file is never served with the same size - add random white space at the end of gmi / txt / html files, add random comments to pics, zip files, etc.
2. or add lots of "decoy" files (with all sorts of sizes) to your capsule. It will make life more difficult for the attackers, ... but also for the legit indexers.
3. Adopt a "Twitter-like" approach: serve only fixed-size content. Serve only 8 KB gmi pages and 32KB pics (didn't Solderpunk have an experiment with fixed size pics?)
Do you consider that this type of attack is far-fetched? To set them up, access to the network is required (to log Alice's transactions) - so typically an ISP (or maybe a 3-letter agency :-) - maybe also corporate IT, for a targeted attack against an employee. Or do you think the Gemini/TLS privacy expectations should apply only to non-indexable exchanges (CGI, user input)?

This is not to say that TLS does not protect against attacks. At the moment the most obvious threat I can see that is really blocked by TLS is not against privacy but against _integrity_, e.g. in the example above, Alice's or Bob's ISP _injecting_ advertisements in Bob's response.

Has any server author designed some sort of countermeasure against length-based attacks? Has it already been discussed?
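
An added example, not part of the original post: a capsule operator's check of how much response sizes reveal under countermeasures 1 and 3, reported as the smallest set of files a size-only observer could be left with. The index, the paths, `max_pad` and `block` are constructed, and it assumes the observer can recover the response body size from TLS record lengths (header and TLS overhead ignored).

```python
import math

# Constructed index (path -> body size in bytes): the three sizes from the
# post plus two hypothetical extra pages.
INDEX = {
    "/index.gmi": 1024,
    "/about.gmi": 1100,
    "/log.gmi": 5 * 1024,
    "/essay.gmi": 7000,
    "/photo.jpg": 100 * 1024,
}

# Each scheme returns the inclusive (lo, hi) range of sizes a file can show.
def no_padding(size):
    """Baseline: the size on the wire tracks the file size exactly."""
    return (size, size)

def random_padding(size, max_pad=512):
    """Countermeasure 1: append 0..max_pad filler bytes to each response."""
    return (size, size + max_pad)

def fixed_blocks(size, block=8192):
    """Countermeasure 3: pad every response up to a multiple of `block`."""
    padded = math.ceil(size / block) * block
    return (padded, padded)

def candidates(observed, index, scheme):
    """Paths whose possible size range contains the observed size."""
    return sorted(p for p, s in index.items()
                  if scheme(s)[0] <= observed <= scheme(s)[1])

def worst_case_set(index, scheme):
    """Per path, the smallest candidate set any of its responses can yield.

    A value of 1 means some response size identifies that file uniquely.
    """
    result = {}
    for path, size in index.items():
        lo, hi = scheme(size)
        # The candidate count only drops just past another range's upper
        # end, so checking lo and those points covers the whole range.
        ends = {scheme(s)[1] + 1 for s in index.values()}
        points = {lo} | {e for e in ends if lo <= e <= hi}
        result[path] = min(len(candidates(o, index, scheme)) for o in points)
    return result

if __name__ == "__main__":
    for scheme in (no_padding, random_padding, fixed_blocks):
        print(scheme.__name__, worst_case_set(INDEX, scheme))
```

With this constructed index, random padding of up to 512 bytes still leaves every file identifiable at the edges of its size range, while 8 KB blocks merge the four pages into one set and leave the single large picture standing alone.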