Is OpenVPN able to fend off website traffic fingerprinting?

This forum is for general conversation and user-user networking.
Post Reply
innogen
OpenVPN Power User
Posts: 102
Joined: Sun May 22, 2011 8:14 am

Is OpenVPN able to fend off website traffic fingerprinting?

Post by innogen » Tue Sep 06, 2011 1:47 am

I was reading a blog on Tor's site entitled "Experimental Defense for Website Traffic Fingerprinting" (URL is https://blog.torproject.org/blog/ ) when a portion of the blog caught my eye. It reads as follows:

"Website fingerprinting is the act of recognizing web traffic through surveillance despite the use of encryption or anonymizing software."

"This information can be used to recognize your web traffic despite attempts at encryption or tunneling."

"Early work was quick to determine that simple packet-based encryption schemes (such as wireless and/or VPN encryption) were insufficient to prevent recognition of traffic patterns created by popular websites in the encrypted stream. Later, a small-scale study determined that a lot of information could be extracted from HTTPS streams using these same approaches against specific websites."

My question is: Is OpenVPN able to fend off website traffic fingerprinting? If the answer is "No", do the developers of OpenVPN plan to incorporate technologies to ward off such fingerprinting?

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Is OpenVPN able to fend off website traffic fingerprinti

Post by janjust » Tue Sep 06, 2011 9:50 am

interesting blog post - openvpn does not take any precautions against website traffic fingerprinting, so the answer would be 'no' ; I'm not aware of any development plans to include such a thing, but you're welcome to raise it as a feature request.

I'm not sure what the best defense would be - randomized pipelines might work for TOR, but I don't know how it would apply to openvpn (the architecture is quite different). One could also add randomized extra traffic between client and server, so that it is harder to discern website traffic.

Post Reply