You get PADDING, everybody gets PADDING! You get privacy? evaluating practical QUIC website fingerprinting protections for the masses

Sandra Siby, Ludovic Barman, Christopher Wood, Marwan Fayed, Nick Sullivan, Carmela Troncoso

Research output: Working paperPreprint

Abstract

Website fingerprinting (WF) is a well-know threat to users' web privacy. New internet standards, such as QUIC, include padding to support defenses against WF. Previous work only analyzes the effectiveness of defenses when users are behind a VPN. Yet, this is not how most users browse the Internet. In this paper, we provide a comprehensive evaluation of QUIC-padding-based defenses against WF when users directly browse the web. We confirm previous claims that network-layer padding cannot provide good protection against powerful adversaries capable of observing all traffic traces. We further demonstrate that such padding is ineffective even against adversaries with constraints on traffic visibility and processing power. At the application layer, we show that defenses need to be deployed by both first and third parties, and that they can only thwart traffic analysis in limited situations. We identify challenges to deploy effective WF defenses and provide recommendations to address them.
Original languageEnglish
PublisherarXiv
Number of pages17
Publication statusSubmitted - 15 Mar 2022

Fingerprint

Dive into the research topics of 'You get PADDING, everybody gets PADDING! You get privacy? evaluating practical QUIC website fingerprinting protections for the masses'. Together they form a unique fingerprint.

Cite this