Cryptographer Derek Zimmer at Private Internet Access blogs about a supercookie built into TLS 1.2 and 1.3. In principle, the new standards increase both securty and privacy through the use of better algorithms. In practice, the result falls short. Although the problem is worse in the older versions of TLS, a new feature in TLS, 0-RTT, actively impairs the ability to maintain privacy by skipping some renegotiation steps that pertain to generating new keys. Thus web sites and larger networks can follow individual connections as they move around, say home, work, café, etc. Browsers like Firefox contribute to the problem by enabling session IDs, Session Tickets, and 0-RTT by default even in their so-called Private Mode.
Complete steps for mitigation appear in the blog post, but the Firefox workaround is to set these values after opening about:config
security.tls.enable_0rtt_data | existing key | false |
security.ssl.disable_session_identifiers | create new key | true |
privacy.firstparty.isolate | existing key | true |
security.ssl.enable_false_start | existing key | false |
The blog notes "I am currently researching mitigations for this problem in Chrome, but full mitigation does not seem possible at this time." No statement is made about whether or not this is an issue (or, if it is, whether or not there are mitigations) with any other browsers or with command line utilities such as curl or wget.
[Updated 2018-11-20 to add warning about privacy.firstparty.isolate --martyb]
(Score: 0) by Anonymous Coward on Wednesday November 21 2018, @01:13PM
That's what the CIA wants you to think o_O