Jeff Burdges:
On Thu, 2016-10-06 at 12:49 +0000, Georg Koppen wrote:
If properly implemented, then blind signatures from one session can safely be used with another session.**
Well, I assumed that blind signatures get properly implemented when writing my mail. There is more, though. The idea behind New Identity is clearing browser state as well as this state risks leaking into the new identity. "state" in this particular case would mean "having been on a clouldflare customer website before and having blinded tokens ready for spending".
Yes, it leaks roughly a bit of information about the bipartite graph between users and site visits. And I mentioned a layered approach to Alex that leaks more than one.
These bits cannot compound across multiple page loads or site visits, as anyone who visits the site gets them, but certainly there are concerns :
- These bits obviously compound with any information TBB or the user
leaks to the site.
- If multiple CDNs, etc. adopt this token based approach, then users can
easily be deanonymized by the CDNs they have or have not used.
- There is no way to safely use per site tokens as the differences
across sites can be used to tag users.
- We'd leak more if CloudFlare rotated their key.
- The layered scheme for token withdrawal that I mentioned to Alex
sounds more fragile now.
Very messy..
Thanks for pointing this out. :)
You are welcome. :) I am not sure yet how much of the information leakage you outlined above would still be an issue in case users did a New Identity and only the signed tokens remained. But as I said that is easily solvable: the tokens represent browser state and need to get treated accordingly (i.e. deleted if a user requests a new identity).
Having done New Identity might even be detectable by the edge in this case, given that it could send a cookie after performing the CAPTCHA request and signing the blinded tokens which would get cleared by New Identity.
I donno if I understand this part, but there is an existing problem that the edge sees cookies from many sites, allowing them to correlate traffic to deanonymize users with purely the cookies. I donno if these new edges cookies make that so much worse than cookies sites use anyways.
Sorry for being a bit dense. What I meant is a user having signed tokens trying to redeem one but is *not* sending cookies back to the edge (which would have been cleared by New Identiy) is a good indication for an edge that a user just requested a New Identity. And I'd like to avoid leaking that fact as well. (The probability that a Tor Browser user is crawling into some obscure Firefox menu to delete the cookies more or less manually when New Identity is the better option anyway seems to be pretty low to me).
Georg