Privacy

49025 readers

860 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

102

Researchers have just unveiled a technique called FROST that lets a website work out which other websites and apps you have open, without you clicking a single thing (protonprivacy.substack.com)

submitted 1 day ago by Innerworld@lemmy.world to c/privacy@lemmy.ml

21 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] unwarlikeExtortion@lemmy.ml 4 points 20 hours ago

Probably not. AFAIK docker isn't a virtual machine in the traditional sense that it has its reserved storage other apps on the machine can't access. And even if it were, it's the same physical drive.

Now I'm not too versed myself in SSD firmware so maybe the large file size really is like a wide net, or maybe the file size isn't important - only the fact you're doing read operations on a small space on the SSD may give enough volatility in the read speed to infer the exact app that decided to spin up at that moment.

The simplest fix that comes to mind is to have multiple drives (e.g. install and data) and put the browser on the data one. Maybe this added complexity can throw off some naive attacks. Also, a HDD "naturally" has some variability in the access time (since it needs to physically locate the sector with its read heads).

So in essence, laptops with a single SSD are by far the most vulnerable.

However, adding sane limits on the vulnerable API mentioned and throttling read/write speeds (ideally with randomization) seems like a fix good even for single-drive laptops.

What'd probably work with Docker is a similar read speed throttling setup.

Spoofing identifying information won't help much since read time variability is what matters here. It may make it take more info to infer performance rather than having the transparent information, but a good model is bound to infer pretty well after some initial data.