Slashdot Mirror


Researchers From MIT and Harvard University Present a Paper Describing a New System, Dubbed Veil, That Makes Private Browsing More Private (mit.edu)

From a blog post on MIT News Office: Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes. "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."

20 comments

  1. Ah, Slashdot, I hardly knew ye... 1997 to 2018 by shrdlu · · Score: 4, Funny

    More curious as to whether posting is possible than caring about this particular subject...

    --
    The difference between a Miracle and a Fact is exactly the difference between a mermaid and a seal. (Mark Twain)
    1. Re:Ah, Slashdot, I hardly knew ye... 1997 to 2018 by Mister+Liberty · · Score: 2

      I know what you mean. Let's see if replying works...

    2. Re:Ah, Slashdot, I hardly knew ye... 1997 to 2018 by Anonymous Coward · · Score: 0

      Was it a DDoS or something, or is /. now connected directly to a TLA thru the Narus?

    3. Re:Ah, Slashdot, I hardly knew ye... 1997 to 2018 by Anonymous Coward · · Score: 0

      FIRST!
      to see if it works

  2. Don't we already have VPN? by Anonymous Coward · · Score: 0

    Can't you simply use a VPN to remain private?

    1. Re: Don't we already have VPN? by Anonymous Coward · · Score: 0

      Lol, no. You'd use VPN, and Tor, and DuckDuckGo, and now this. There are a wide variety of fronts upon which both security at rest and security in motion need to be protected (it seems as though this targets the former).

    2. Re: Don't we already have VPN? by Anonymous Coward · · Score: 0

      For that matter, where are Tor and 2056-bit encrypted VPNs on public computers?

    3. Re:Don't we already have VPN? by gweihir · · Score: 1

      Against eavesdroppers, yes. Against a compromised (or snooping) target website, no. The latter is the main concern here.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Don't we already have VPN? by pjt33 · · Score: 1

      Huh? The threat model is physical access to the client by e.g. an employer or a detective. It is described as

      > Veil’s goal is to defend the user against local attackers who take control of a user’s machine after a private session terminates.

  3. You call that research? by Anonymous Coward · · Score: 0

    Grad students getting paid to surf porn?

    1. Re: You call that research? by Anonymous Coward · · Score: 0

      They never paid me!?!
      Bastards.

  4. This is for browser cache, page file, etc by raymorris · · Score: 1

    Their approach is targeted to avoid leaving evidence on the user's machine. Sometimes you see these criminal cases where a guy dies from arsenic poisoning and investigators discover that the wife Googled "arsenic poisoning" a week before, and read up on how people can be poisoned with arsenic. If the wife used these techniques, it would be more difficult for investigators to look on her computer and see that she had been researching arsenic poisoning before her husband was poisoned.

    1. Re: This is for browser cache, page file, etc by Anonymous Coward · · Score: 0

      I use a RAM drive for browsing when I need that extra bit of security. Just modify all the necessary paths for Firefox to point to the RAM drive and reboot the machine when done. Data is wiped from memory and no trace on my SSD.

      -GeekPoet

    2. Re: This is for browser cache, page file, etc by Anonymous Coward · · Score: 0

      Use a live CD (or USB) instance of linux that only runs from the media and doesn't touch the system drives at all.

      Eureka! no evidence left on the host PC.

  5. PS - doesn't work for Reddit by raymorris · · Score: 1, Funny

    PS, these techniques will NOT be effective if, after receiving a subpoena for emails, you post on Reddit "my client is a VERY VIP and I need to wipe out all evidence of her emails" while posting under the same username you use on Twitter.

    1. Re:PS - doesn't work for Reddit by Anonymous Coward · · Score: 0

      Based on the outcome of that case, it seems that you're actually [and shockingly] wrong. Then again, you're wrong because the investigators did not care what they found and the outcome was predetermined before any of that evidence was even discovered, especially since everyone that matters was given immunity. "Oops"

  6. How useful is this? by 93+Escort+Wagon · · Score: 1

    It seems potentially interesting for an edge case... but I’d be curious to know how much web browsing actually happens on shared computers which still have individual accounts (excepting family computers).

    --
    #DeleteChrome
    1. Re:How useful is this? by John.Banister · · Score: 1

      I think of computers in public and school libraries, where individual accounts are required even if they appear to be throw away ones.

  7. Any Evidence Of TLA Involvement? by Anonymous Coward · · Score: 0

    Has anyone looked to see if there is evidence of funding coming from any three letter agencies, or other such untrustable sources?

    I'm asking for a friend.

  8. Page file aka swap. "RAM" can easily be on disk by raymorris · · Score: 2

    Your ram disk can very easily appear on disk. Windows calls it the page file, Linux calls it swap.

    > Just modify all the necessary paths for Firefox

    Also Firefox, and applications in general, are essentially wrappers around system calls. For example, the browser doesn't open connections to web servers. It asks the OS to do that. Firefox doesn't know what's happening.
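
Added example, not part of the thread: a check for the swap point raised in the last comment, deciding whether a "RAM drive" profile directory can still reach disk by parsing `/proc/mounts` and `/proc/swaps` on Linux. The sample text, paths and verdict strings are constructed for illustration, and treating `/dev/zram*` swap as RAM-backed assumes no zram writeback device is configured.

```python
import sys

# Constructed sample of /proc/mounts (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /mnt/ramdisk tmpfs rw,nosuid,nodev,size=1048576k 0 0
ramfs /mnt/ramfs ramfs rw,relatime 0 0
"""

# Constructed sample of /proc/swaps.
SAMPLE_SWAPS = """\
Filename        Type        Size      Used  Priority
/dev/sda3       partition   8388604   0     -2
/dev/zram0      partition   4194300   0     100
"""

def filesystem_for(path, mounts_text):
    """Return (mount_point, fstype) of the longest mount point containing path."""
    best = ("", "")
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[0]):  # later mounts shadow earlier ones
            best = (mnt, fstype)
    return best

def disk_backed_swap(swaps_text):
    """List active swap areas that live on disk (skips the header and zram)."""
    areas = [l.split()[0] for l in swaps_text.splitlines()[1:] if l.split()]
    return [a for a in areas if not a.startswith("/dev/zram")]  # assumption: no writeback

def exposure(path, mounts_text, swaps_text):
    """Classify where data written under path can end up."""
    _, fstype = filesystem_for(path, mounts_text)
    if fstype == "ramfs":        # ramfs pages are never swapped out
        return "ram-only"
    if fstype == "tmpfs":        # tmpfs pages are swappable like process memory
        return "may-reach-disk-via-swap" if disk_backed_swap(swaps_text) else "ram-only"
    return "on-disk"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/ramdisk/profile"
    with open("/proc/mounts") as m, open("/proc/swaps") as s:
        print(target, "->", exposure(target, m.read(), s.read()))
```

This only classifies files written under the given path; the browser's own heap is ordinary process memory and can be paged out whenever disk-backed swap is active, wherever the profile lives.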