我们之前写过浏览器指纹(Browser Fingerprinting),网站可以知道谁是访问他们的人。网站流量指纹(Website Traffic Fingerprinting)或流量指纹是一种类似的方法。它允许第三方窥探您并了解您在Internet上所做的事情。文章解释了它是如何可能的,然后讨论它是否危险。
网站流量指纹
网站流量指纹(Website Traffic Fingerprinting)是一种确定用户何时以及在Internet上做什么的方法。有问题的用户可能正在使用代理或安全隧道VPN、加密等。但仍然可以通过窥探在 Internet 上来回传输的数据包来确定此人对(Internet)Internet的使用情况。
甚至TOR 网络(TOR Network)(洋葱路由器(Onion Router))也表示,犯罪分子有可能解码其用户所做的事情。TOR在其博客中表示,数据被加密并转发。我们都知道TOR(TOR)网络中有许多节点,因此当局无法跟踪用户。但是随后,网站指纹识别出现了。对于TOR ,数据包在到达(TOR)TOR网络中的第一个节点之前都是易受攻击的。这些信息很容易获得。如果当局或犯罪分子在TOR(TOR)上设置多个节点网络,数据通过它们的可能性很高。当这样的事情发生时,他们窥探者会撕掉加密以了解数据包的去向。
但网站流量指纹(Website Traffic Fingerprinting)不仅仅与TOR 浏览器(TOR browser)有关。它是关于人们如何窥探您以了解您在Internet上所做的事情以及他们如何利用这些信息。
是什么促使网站流量指纹识别(Website Traffic Fingerprinting)
根据TorProject,
“The exact motivation for this effort on behalf of the adversary is typically not specified, but there seem to be three possibilities, in order of increasing difficulty for the adversary:
攻击者有兴趣阻止特定的审查网页流量模式,同时保持其余的类似 Tor 的流量不受干扰(可能是因为 Tor 的数据包混淆层看起来是合法的,攻击者希望避免阻止)。注意:您可以用任何其他加密流量替换 TOR。
攻击者有兴趣识别访问一小部分特定目标页面的所有用户。
对手有兴趣识别用户访问的每一个网页。”
网站流量指纹(Website Traffic Fingerprinting)如何工作?
网站(Website)流量指纹,或简称“流量指纹”,在客户端工作。也就是说,窥探者研究进入和离开网站的数据包。如前所述,它可能只是一个有兴趣了解哪些类型的网站获得更多浏览量的营销人员——或者即使您尝试使用代理、VPN或其他形式的安全浏览,它也可能是跟踪您的移动的一些权威。
数据离开和进入网站的方式很大程度上说明了正在查看、缓冲或下载的内容。如果数据包很大,而且发布的时间间隔太长,说明用户在某个视频站点。
同样,如果数据包非常小并且以非常短的间隔离开网站,则可能是电子邮件网站,或者只是阅读网站的人。
基于这些模式,人们可以理解发生了什么。但除非他们破解加密,否则他们无法知道正在传输的具体数据。
阅读(Read):什么是网络跟踪?什么是浏览器中的跟踪器?(What is Web Tracking? What are Trackers in browsers?)
网站流量指纹(Website Traffic Fingerprinting)的危险
唯一致命的危险是网站流量指纹识别可能会破坏您的身份。如果您使用VPN(VPN)或其他形式的加密,它不会以任何方式窃取您的数据。主要目的是了解用户以及他/她对Internet的兴趣。该方法主要用于加密数据包,以检查是否正在执行非法操作。我不认为它可以用于其他任何事情。如果您使用加密连接,则无需惊慌。
以上是我对网站流量指纹的看法。如果你想添加一些东西,请做。(This above is my take on Website Traffic Fingerprinting. If you feel like adding something, please do.)
What is Website Traffic Fingerprinting? How to protect yourself?
We had earlier written on Browser Fingerprinting where it was possible for websites to know who is the person visiting them. Website Traffic Fingerprinting or traffic fingerprinting is a similar method. It allows third parties to snoop on you and get an idea of what you do on the Internet. The article explains how it is possible and then talks if it is dangerous.
Website Traffic Fingerprinting
Website Traffic Fingerprinting is a method to determine when and what a user does on the Internet. The user in question may be using a proxy or a secure tunnel VPN, encryption, etc. But still, it is possible to determine the person’s usage of the Internet via snooping on the data packets traveling to and fro on the Internet.
Even TOR Network (The Onion Router) says it is possible for criminals to decode things being done by its users. In its blog, TOR said that data is encrypted and sent forward. We all know there are many nodes in the TOR network so that authorities cannot track the users. But then, website fingerprinting comes in. For TOR also, the data packets are vulnerable until they reach the first node in the TOR network. This information can easily be obtained. If the authorities or criminals set up multiple nodes on the TOR network, there are high chances of data passing through them. When such things happen, they snoopers rip off the encryption to know where the data packets are going.
But Website Traffic Fingerprinting is not only about the TOR browser. It is about how people snoop on you to know what you are doing on the Internet and how they make use of that information.
What motivates Website Traffic Fingerprinting
According to the TorProject,
“The exact motivation for this effort on behalf of the adversary is typically not specified, but there seem to be three possibilities, in order of increasing difficulty for the adversary:
The adversary is interested in blocking specific censored webpage traffic patterns, while still leaving the rest of the Tor-like traffic unmolested (perhaps because Tor’s packet obfuscation layer looks like something legitimate that the adversary wants to avoid blocking). NOTE: You may replace TOR with any other encrypted traffic.
The adversary is interested in identifying all of the users that visit a small, specific set of targeted pages.
The adversary is interested in recognizing every single web page a user visits.”
How does Website Traffic Fingerprinting work?
Website traffic fingerprinting, or simply ‘traffic fingerprinting’, works on the client end. That is, snoopers study the data packets entering and leaving a website. As said earlier, it could just be a marketing guy who is interested in knowing what types of websites get more views – or it can be some authority tracking your moves even if you try a proxy, VPN or other forms of secure browsing.
The way data leaves and enters a website says a lot about what is being viewed, buffered or being downloaded. If the data packets are huge and the time interval among releases is too high, it indicates that the user is on some video site.
Likewise, if the data packets are pretty small and leave the website at a very low interval, it could be an email website, or someone just reading a website.
Based on these patterns, one can understand what is going on. But unless they break the encryption, they can’t know about the specific data being transferred.
Read: What is Web Tracking? What are Trackers in browsers?
Dangers of Website Traffic Fingerprinting
The only deadly danger is that website traffic fingerprinting might blow off your identity. It won’t steal your data in any way if you are using VPN or other forms of encryption. The main purpose is to know the user and what are his/her interests on the Internet. The method is mainly used for encrypted packets to check if something illegal is being done. I do not think it can be used for anything else. There is no need to panic if you are using encrypted connections.
This above is my take on Website Traffic Fingerprinting. If you feel like adding something, please do.
