Long time TiVo competitor, ReplayTV, has had a PC interface for some time now by means of an open source JAVA program called DVArchive.
With it, user's of LAN enabled ReplayTV's can stream recorded shows onto their PC's. DVArchive can even act as a virtual ReplayTV, serving up shows for all the real ones in the house.
If this is what TiVo has planned, it sounds like they are playing catch-up.
You may be able to file for no money using these websites, but that doesn't mean they are free. TurboTax's "free" online filing, for instance, requires you to register your personal information. You are, in effect, selling your privacy. It is no different from those cards you have to use to get the discount at the grocery store. Sure, you save some money, but is it worth a few bucks to you if your personal information might be sold to spammers (or whatever else they can think up)?
I believe there is a clue to how to defeat these attacks burried in the report.
The researchers only included one laptop in their study and yet laptops are arguably the most interesting targets to try to track. It is due to their portability that they are attractive to those desiring to stay anonymous. I find it interesting that among more than 70 devices they studied, only one was a laptop.
I also think they have paid less attention to this laptop than they should have:
"When booting with outlet power, the clock skew on laptop running Windows XP initially begins with a large magnitude, and then stabilizes to a skew like that in Table 5 until we disconnect the power; the initially large skew may be due to the laptop recharging its batteries."
What this suggests to me is that the voltage supplied to the oscillator may alter the clock skew. In fact, I wouldn't be surprised if overclocking or underclocking a desktop PC also changes the skew. Changing core and RAM voltages might also modify the skew. They should have researched these possibilites.
I have seen little mention here of another type of attack they describe which is independent of the TCP skew. The Fourier transform attack is scarier than they let on:
"...[O]ur Fourier-based technique does not require knowledge of a device's TSopt or system clocks..."
"Some systems send packet [sic] at 10 or 100 ms intervals, perhaps due to interrupt processing or other internal operating system feature [sic] on one side of a flow. When this condition holds, we can use the Fourier transform to extract information about the system's clock skew."
"...[W]e can use the Fourier transform on packet arrival times to estimate the frequency at which the device actually transmits packets (here packet arrival times refers to the times at which the monitor records the packets)."
What this says is that even if you're running a modified TCP stack and are filtering out ICMP requests, attackers may still be able to find out your skew.
I anxiously await the results of research on skew modulation techniques.
Although I don't think MS is beneath filtering XFree86 out, I think I know how they'll explain this (if they so bother).
XFree86 does something that XFree69, XFree87, "X Free 86," etc. do not:
It returns 2 million hits in google.
(I quote figures for google since, obviously, msn's filters prevent us from measuring how many results their engine returns)
I think MS will claim (again, if they decide to respond at all) that their algorithm notices the suspect strings ("X" and "Free") as well as the fact that the number of hits is similar to those for truly naughty searches.
"XFree86" is a single 'token' that raises all three of these hypothetical red flags. If you enter "X Free 86" (including the spaces) into a search engine, the search string decomposes into three tokens that each raise no more than two red flags.
Evidence:
Search_Term, Google_Hits, MSN_Flags_as_porn XFree86, 2.4 Million, yes XFree87, 7, no XFree85, 181, no XFree69, 0, no X, 300 Million, no Free, 600 Million, no freesex, 2.2 Million, yes
However, I should point out that the number of google results may not be a reasonable indicator of the frequency of occurences within MS's own database. If you search for "86" on both engines, google indicates 44 million hits, while MSN claims to have only 36 (that's thirty-six, not thirty-six million).
(I still think they're doing it on purpose, though;-)
Slashdot Mirror
I assure you, we're all decent!
Long time TiVo competitor, ReplayTV, has had a PC interface for some time now by means of an open source JAVA program called DVArchive. With it, user's of LAN enabled ReplayTV's can stream recorded shows onto their PC's. DVArchive can even act as a virtual ReplayTV, serving up shows for all the real ones in the house. If this is what TiVo has planned, it sounds like they are playing catch-up.
You may be able to file for no money using these websites, but that doesn't mean they are free. TurboTax's "free" online filing, for instance, requires you to register your personal information. You are, in effect, selling your privacy. It is no different from those cards you have to use to get the discount at the grocery store. Sure, you save some money, but is it worth a few bucks to you if your personal information might be sold to spammers (or whatever else they can think up)?
I believe there is a clue to how to defeat these attacks burried in the report.
The researchers only included one laptop in their study and yet laptops are arguably the most interesting targets to try to track. It is due to their portability that they are attractive to those desiring to stay anonymous. I find it interesting that among more than 70 devices they studied, only one was a laptop.
I also think they have paid less attention to this laptop than they should have:
"When booting with outlet power, the clock skew on laptop running Windows XP initially begins with a large magnitude, and then stabilizes to a skew like that in Table 5 until we disconnect the power; the initially large skew may be due to the laptop recharging its batteries."
What this suggests to me is that the voltage supplied to the oscillator may alter the clock skew. In fact, I wouldn't be surprised if overclocking or underclocking a desktop PC also changes the skew. Changing core and RAM voltages might also modify the skew. They should have researched these possibilites.
I have seen little mention here of another type of attack they describe which is independent of the TCP skew. The Fourier transform attack is scarier than they let on:
"...[O]ur Fourier-based technique does not require knowledge of a device's TSopt or system clocks..."
"Some systems send packet [sic] at 10 or 100 ms intervals, perhaps due to interrupt processing or other internal operating system feature [sic] on one side of a flow. When this condition holds, we can use the Fourier transform to extract information about the system's clock skew."
"...[W]e can use the Fourier transform on packet arrival times to estimate the frequency at which the device actually transmits packets (here packet arrival times refers to the times at which the monitor records the packets)."
What this says is that even if you're running a modified TCP stack and are filtering out ICMP requests, attackers may still be able to find out your skew.
I anxiously await the results of research on skew modulation techniques.
Although I don't think MS is beneath filtering XFree86 out, I think I know how they'll explain this (if they so bother).
;-)
XFree86 does something that XFree69, XFree87, "X Free 86," etc. do not:
It returns 2 million hits in google.
(I quote figures for google since, obviously, msn's filters prevent us from measuring how many results their engine returns)
I think MS will claim (again, if they decide to respond at all) that their algorithm notices the suspect strings ("X" and "Free") as well as the fact that the number of hits is similar to those for truly naughty searches.
"XFree86" is a single 'token' that raises all three of these hypothetical red flags. If you enter "X Free 86" (including the spaces) into a search engine, the search string decomposes into three tokens that each raise no more than two red flags.
Evidence:
Search_Term, Google_Hits, MSN_Flags_as_porn
XFree86, 2.4 Million, yes
XFree87, 7, no
XFree85, 181, no
XFree69, 0, no
X, 300 Million, no
Free, 600 Million, no
freesex, 2.2 Million, yes
However, I should point out that the number of google results may not be a reasonable indicator of the frequency of occurences within MS's own database. If you search for "86" on both engines, google indicates 44 million hits, while MSN claims to have only 36 (that's thirty-six, not thirty-six million).
(I still think they're doing it on purpose, though