Privacy impact of connection coalescing #645
Labels
Comments
|
@martinthomson, I've marked this as Design, but I think we can prepare a proposal pretty easily. You want to take a crack at it, or should I do a pull? |
|
I'm happy to take input. Since I'm basically offline this week, getting a start would help lots. |
mnot
added a commit
that referenced
this issue
Nov 21, 2014
... using connection correlation. This fixes #645.
Merged
|
Marked as editor-ready; please consider list feedback. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Folks in the Tor community point out that coalescing connections is a genuinely new vector for tracking users in HTTP/2.
This should be pointed out in the Privacy Considerations subsection of Security Considerations, along with mitigations.
While we're there, more specific text about mitigating HTTP/2-specific fingerprinting would be nice.
The text was updated successfully, but these errors were encountered: