That alone should be enough to fingerprint a given connection to a specific user. Really as long as you aren't leaking DNS and you use a reasonably secure + well utilized VPN, your client should appear as a black box that shouts opaque contents at a single server without leaking many details about the actual communication taking place. Compare this with HTTPS + no VPN where only the contents are obscured and everyone eavesdropping (aka the ISP or anyone on the same network) can see every service you are connected to. Doubly so if the VPN supports multi-hop routing where the client side VPN and the server side VPN are at different sites. Of course by combining knowledge from multiple sources you can still build a fingerprint but VPNs with sufficient utilization can serve as a mixer to obfuscate which users are taking part in which traffic. VPNs create a separation between the client and the server (as you mentioned) so not only can the server (or those eavesdropping on the server's connection) not see the client's IP, those eavesdropping on the client can't see what services they are connecting to (other than the VPN). VPNs are significantly better wrt protection than HTTPS.

I'd love to see wider adoption, but can't see the general population putting up with this. Not to mention, this is kind of expensive and also non-obvious as Yubikey primarily sells single keys. I really wish there were a secure way to simply have a key backup. It's just tedious to keep track of what's been registered with which key and making sure they're all in sync. Maybe I should just round-robin the off-site key. But, then I need to remember to actually add the off-site key to the account as well. That way I can add two keys to a service and have a local backup in case one breaks. For legal document requests, please forward a subpoena or court order to: TMobile Law Enforcement Relations Group, 4 Sylvan Way, Parsippany, NJ 07054.
Dropping everything to go fetch my key is inconvenient, so I keep multiple keys in the house. TMobile will fully cooperate with any investigation undertaken by law enforcement. Of course, for that key to be useful, I need to update it whenever I use my key on a new site/service. Since I'd hate to lose access to everything if my house burns down, I keep a key outside of the home. How are you handling multiple Yubikeys? I'm doing it personally and it's so annoying that I can't imagine recommending this to anyone else.