What to do against TLS Session Resumption & Session IDs?
polonus (on: October 21, 2018, 12:33:03 PM)
TLS Session Resumption provides an ideal way to quirk privacy in the browser by big data slurpers like Facebook etc.
Read:
https://www.theregister.co.uk/2018/10/19/tls_handshake_privacy/
Problem especially with Android browsers as sessions can stay open for quite some time.
So take your privacy delicate searches back to the old desktop browser,
with a browser you can close and cleanse ever so often.
Some methods found to disable this:
https://trac.torproject.org/projects/tor/ticket/4099
See how constant tracking and monitoring by Big Commerce & Big Guv
threatens the last vestiges of your privacy by scanning here:
http://ip-check.info/index.php?lang=en
My question: what is the best way to make it a little bit harder for Big Slurper to abuse TLS in this way?
This while I know on the other hand, that this is an ongoing cat and mouse game between the tracking and those being tracked,
(us) where trackers will always look for new ways to track even going so far as abusing a security protocol for their ends
as they do in this case of TLS Session Resumption and Session ID tracking.
Anyone with ideas?
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
N.B. Also good to read:
https://www.w3.org/wiki/images/7/7d/Is_preventing_browser_fingerprinting_a_lost_cause.pdf
and
https://hovav.net/ucsd/papers/mbys11.html
(Hovav Shacham et al.)
Damian
« Last Edit: October 21, 2018, 12:55:45 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
alanb (Reply #1 on: October 21, 2018, 02:51:52 PM)
If you are fortunate enough to be a Firefox user, in about:config simply set 'security.ssl.disable_session_identifiers' to 'true'.
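One way to confirm that the setting from the reply above is actually in effect, as an added example that is not part of the original thread: it reads a Firefox profile's prefs.js and user.js and reports the effective value of the preference. The function names and the sample file contents are constructed for illustration; the profile directory path is whatever your own installation uses.

```python
import re
from pathlib import Path

PREF = "security.ssl.disable_session_identifiers"
# Matches lines such as: user_pref("some.pref", true);
# Anchored at line start, so commented-out lines (// user_pref(...)) are ignored.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)  # a later line overrides an earlier one
    return prefs

def effective_value(prefs_js="", user_js=""):
    """user.js is applied on top of prefs.js at startup, so it wins."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get(PREF)  # None: pref not set, the browser default applies

def audit_profile(profile_dir):
    """Read prefs.js and user.js from a profile directory and classify it."""
    def read(name):
        p = Path(profile_dir) / name
        return p.read_text(encoding="utf-8", errors="replace") if p.is_file() else ""
    value = effective_value(read("prefs.js"), read("user.js"))
    if value == "true":
        return "hardened"
    return "unset" if value is None else "not hardened"

# Constructed sample file contents, not taken from a real profile.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
// user_pref("security.ssl.disable_session_identifiers", true);
user_pref("security.ssl.disable_session_identifiers", false);
'''
SAMPLE_USER_JS = 'user_pref("security.ssl.disable_session_identifiers", true);\n'

if __name__ == "__main__":
    print("prefs.js only:      ", effective_value(SAMPLE_PREFS_JS))
    print("prefs.js + user.js: ", effective_value(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

Calling `audit_profile()` with the path of your own Firefox profile directory returns "hardened" only when the preference is set to true there.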