On Thu, 2016-10-06 at 12:49 +0000, Georg Koppen wrote:
If properly implemented, then blind signatures from one session can safely be used with another session.**
Well, I assumed that blind signatures get properly implemented when writing my mail. There is more, though. The idea behind New Identity is clearing browser state as well as this state risks leaking into the new identity. "state" in this particular case would mean "having been on a clouldflare customer website before and having blinded tokens ready for spending".
Yes, it leaks roughly a bit of information about the bipartite graph between users and site visits. And I mentioned a layered approach to Alex that leaks more than one.
These bits cannot compound across multiple page loads or site visits, as anyone who visits the site gets them, but certainly there are concerns : - These bits obviously compound with any information TBB or the user leaks to the site. - If multiple CDNs, etc. adopt this token based approach, then users can easily be deanonymized by the CDNs they have or have not used. - There is no way to safely use per site tokens as the differences across sites can be used to tag users. - We'd leak more if CloudFlare rotated their key. - The layered scheme for token withdrawal that I mentioned to Alex sounds more fragile now.
Very messy..
Thanks for pointing this out. :)
Having done New Identity might even be detectable by the edge in this case, given that it could send a cookie after performing the CAPTCHA request and signing the blinded tokens which would get cleared by New Identity.
I donno if I understand this part, but there is an existing problem that the edge sees cookies from many sites, allowing them to correlate traffic to deanonymize users with purely the cookies. I donno if these new edges cookies make that so much worse than cookies sites use anyways.
Ideas for fixing that sounds pretty drastic : Do not send cookies, site data, etc. to sites protected by CloudFlare without user consent. Attempt to load them as static pages from CloudFlare's cache without revealing cookies. Attempt to use Ceno, etc. to get a static version of any page that is not itself static. Requite that users click through some dialog to access dynamic content on a page. Ain't just CloudFlare that weakens TLS in that way though.
Jeff