Slashdot Mirror


HTTP GZIP Compression Leaks Data On the Location of Tor Web Servers

An anonymous reader writes: The GZIP compression format includes a field in its header that shows the Web server's local date, at which the data was gzipped. Almost all Web servers use "zeros" to pad this field by default, citing performance issues. Around 10% of Tor site operators have removed this feature and are printing the packet's compression date. Unknown to them, this "server local date" leaks the Tor site's timezone which law enforcement can then narrow down to a specific geographical area. Coupled with other Tor protocol leaks, this could help deanonymize .onion sites.
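The field the summary refers to is the 4-byte MTIME at offset 4 of a gzip member header (RFC 1952), where a value of 0 means no timestamp is available. As an added example that is not part of the original post, this Python code reads that field from a gzip response body captured from your own server and shows compression with the field zeroed; the function names and sample values are constructed for illustration.

```python
import gzip
import struct
from datetime import datetime, timezone

GZIP_MAGIC = b"\x1f\x8b"


def gzip_mtime(blob: bytes) -> int:
    """Return the raw MTIME field from the first gzip member header.

    RFC 1952 layout: ID1 ID2 CM FLG MTIME(4 bytes, little-endian) XFL OS.
    """
    if len(blob) < 10:
        raise ValueError("too short for a gzip header")
    magic, cm, _flg, mtime, _xfl, _os = struct.unpack("<2sBBIBB", blob[:10])
    if magic != GZIP_MAGIC or cm != 8:
        raise ValueError("not a gzip/deflate stream")
    return mtime


def audit(blob: bytes) -> str:
    """Report whether the header discloses a compression timestamp."""
    mtime = gzip_mtime(blob)
    if mtime == 0:
        return "ok: MTIME is zeroed"
    stamp = datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat()
    return f"leak: MTIME={mtime} ({stamp})"


def compress_without_timestamp(body: bytes) -> bytes:
    """Compress a response body with the MTIME field set to zero."""
    return gzip.compress(body, mtime=0)


# Constructed sample data, not taken from any real server.
BODY = b"<html>constructed sample page</html>"
LEAKY = gzip.compress(BODY, mtime=1456790400)  # constructed timestamp
CLEAN = compress_without_timestamp(BODY)

if __name__ == "__main__":
    print(audit(LEAKY))
    print(audit(CLEAN))
```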

4 of 79 comments

  1. Re:Use a single timezone by The-Ixian · Score: 5, Insightful

    Or just pad it with zeros like everything else does, apparently.

    Better to go with the flow in this case instead of trying to be clever.

    --
    My eyes reflect the stars and a smile lights up my face.
  2. Re:And there you are... by omnichad · Score: 4, Insightful

    find a way to slap a VPN after TOR

    You don't have any control over the "after TOR" side of the connection. You could slap a VPN before TOR, or operate an exit node that uses a VPN, but there's no way you'd want to be using your own exit node if you wanted the protection of TOR.

  3. Re:And there you are... by Motherfucking+Shit · Score: 4, Insightful

    It could be more helpful than you think. If the server says its timezone is in the US, for example, that may be enough for a judge to grant the FBI a warrant authorizing god-knows-what attacks against it.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  4. Re:Use a single timezone by Actually,+I+do+RTFA · Score: 3, Insightful

    Almost every attempt to poison data turns into another datapoint. That datapoint is likely more valuable than a NULL value.

    For instance, that leaks data about your pseudo-random number generator, opens up timing-based identification, etc.

    --
    Your ad here. Ask me how!