[{"author": "Shivan Sahib", "text": "you can try sharing your own screen
", "time": "2022-03-21T11:59:58Z"}, {"author": "Shivan Sahib", "text": "as a backup, the chairs can share
", "time": "2022-03-21T12:00:07Z"}, {"author": "Sandra Siby", "text": "ok thanks!
", "time": "2022-03-21T12:00:17Z"}, {"author": "Martin Thomson", "text": "the slide sharing option is better for everyone
", "time": "2022-03-21T12:00:33Z"}, {"author": "Martin Thomson", "text": "much lower bandwidth, slide numbers, less chrome
", "time": "2022-03-21T12:00:53Z"}, {"author": "Barry Leiba", "text": "You can even try the cool new thing of running your slides with your phone.
", "time": "2022-03-21T12:00:56Z"}, {"author": "Tommy Pauly", "text": "Yes, it's way better to use \"share slides\" than \"share screen\" - as long as the slides are pre-loaded
", "time": "2022-03-21T12:01:52Z"}, {"author": "Martin Thomson", "text": "the video of an empty table makes this meeting seem a bit lonely
", "time": "2022-03-21T12:02:04Z"}, {"author": "Barry Leiba", "text": "We can put a stuffed bear there, or lay a t-shirt on one of the Chair chairs.
", "time": "2022-03-21T12:02:33Z"}, {"author": "Tommy Pauly", "text": "Sara if you're talking we can't hear you
", "time": "2022-03-21T12:03:23Z"}, {"author": "Colin Perkins", "text": "Are the chairs talking? No audio
", "time": "2022-03-21T12:03:30Z"}, {"author": "Mallory Knodel", "text": "TIL there's a different button for share slides than share screen. Apologies to everyone in openpgp this morning.
", "time": "2022-03-21T12:03:34Z"}, {"author": "Barry Leiba", "text": "About 20-25 people in the room now.
", "time": "2022-03-21T12:03:48Z"}, {"author": "Shivan Sahib", "text": "we hear you!
", "time": "2022-03-21T12:03:54Z"}, {"author": "Colin Perkins", "text": "That's better!
", "time": "2022-03-21T12:03:59Z"}, {"author": "Martin Thomson", "text": "echo!
", "time": "2022-03-21T12:04:01Z"}, {"author": "Tommy Pauly", "text": "Yes!
", "time": "2022-03-21T12:04:02Z"}, {"author": "Tommy Pauly", "text": "I can help take minutes
", "time": "2022-03-21T12:04:44Z"}, {"author": "Shivan Sahib", "text": "thanks Tommy!
", "time": "2022-03-21T12:04:50Z"}, {"author": "Shivan Sahib", "text": "https://notes.ietf.org/notes-ietf-113-pearg
", "time": "2022-03-21T12:04:55Z"}, {"author": "Niels ten Oever", "text": "Is it me or is the an echo?
", "time": "2022-03-21T12:06:33Z"}, {"author": "Benjamin Schwartz", "text": "Heavy reverb, yeah
", "time": "2022-03-21T12:06:46Z"}, {"author": "Shivan Sahib", "text": "definitely echo for me too
", "time": "2022-03-21T12:06:57Z"}, {"author": "Martin Thomson", "text": "it won't be you sara
", "time": "2022-03-21T12:07:04Z"}, {"author": "Barry Leiba", "text": "I'm guessing that the in-room mic is picking up the in-room audio.
", "time": "2022-03-21T12:07:07Z"}, {"author": "Andrew Campling", "text": "Definitely a slight meet echo
", "time": "2022-03-21T12:07:16Z"}, {"author": "Melchior Aelmans", "text": "Hi all!
", "time": "2022-03-21T12:07:31Z"}, {"author": "dkg", "text": "we had the same issue (in-room mic causing echo) in OpenPGP last session
", "time": "2022-03-21T12:07:44Z"}, {"author": "Colin Perkins", "text": "@meetecho audio echo
", "time": "2022-03-21T12:07:45Z"}, {"author": "Melchior Aelmans", "text": "Sound is indeed as if we are in a very large concerthall :)
", "time": "2022-03-21T12:07:50Z"}, {"author": "npd", "text": "does meetecho have the option to mute the in-room mic as one more participant?
", "time": "2022-03-21T12:08:54Z"}, {"author": "Colin Perkins", "text": "The echo and empty chairs give a strong \"shouting into the void\" feel
", "time": "2022-03-21T12:10:14Z"}, {"author": "dkg", "text": "and yet we're all here in the void, shouting back \u263a
", "time": "2022-03-21T12:10:34Z"}, {"author": "Shivan Sahib", "text": "paper: http://arxiv.org/abs/2203.07806
", "time": "2022-03-21T12:10:58Z"}, {"author": "npd", "text": "is the threat identifying pages the user visits? or identifying the first visit to the index page of a popular domain?
", "time": "2022-03-21T12:12:12Z"}, {"author": "Martin Thomson", "text": "identifying which of the many pages a server hosts (on different origins even) that a client is loading
", "time": "2022-03-21T12:12:44Z"}, {"author": "dkg", "text": "npd: i think the adversary is just trying to guess the site itself.
", "time": "2022-03-21T12:12:46Z"}, {"author": "Martin Thomson", "text": "cross site even, dkg, as they stipulated use of ECH
", "time": "2022-03-21T12:13:00Z"}, {"author": "npd", "text": "my quick read of the paper suggested that it was just index page of the top million domains, but if I read that incorrectly, that's useful to know
", "time": "2022-03-21T12:13:39Z"}, {"author": "Andrew Campling", "text": "An obvious question is whether fingerprinting is always bad? If a protocol becomes undetectable, an adversary may well find it particularly attractive.
", "time": "2022-03-21T12:14:00Z"}, {"author": "Martin Thomson", "text": "I haven't read the whole thing either, so maybe you should clarify, npd
", "time": "2022-03-21T12:14:06Z"}, {"author": "dkg", "text": "the paper says \"enable adversaries to infer which
", "time": "2022-03-21T12:15:45Z"}, {"author": "dkg", "text": "websites a user visits from the traffic patterns
", "time": "2022-03-21T12:15:47Z"}, {"author": "dkg", "text": "\"
", "time": "2022-03-21T12:15:48Z"}, {"author": "dkg", "text": "(from the introduction)
", "time": "2022-03-21T12:15:57Z"}, {"author": "Martin Thomson", "text": "4% at what cost?
", "time": "2022-03-21T12:18:15Z"}, {"author": "Lars Eggert", "text": "i guess more padding (more than x MTU) would help?
", "time": "2022-03-21T12:18:57Z"}, {"author": "Benjamin Schwartz", "text": "Dummy injection can be thought of as >MTU padding
", "time": "2022-03-21T12:19:23Z"}, {"author": "Martin Thomson", "text": "I don't understand what padding total size means here, because that would seem to imply dummy packets also
", "time": "2022-03-21T12:19:53Z"}, {"author": "Lars Eggert", "text": "+1 ben, and mt, i think they just padded to the first MTU or something?
", "time": "2022-03-21T12:20:20Z"}, {"author": "dkg", "text": "looks like the padding defense levels they're offering just cuts f-score in half, no matter what the f-score was.
", "time": "2022-03-21T12:24:43Z"}, {"author": "dkg", "text": "it would be interesting to see these results comparing sites with no third-party subresources against sites that have third-party resources.
", "time": "2022-03-21T12:25:52Z"}, {"author": "npd", "text": "caching of third-party resources seems like it could be extremely significant in terms of protection from network observer
", "time": "2022-03-21T12:27:19Z"}, {"author": "David Lawrence", "text": "Great research, Sandra.
", "time": "2022-03-21T12:29:00Z"}, {"author": "Wes Hardaker", "text": "agreed: very useful, thank you.
", "time": "2022-03-21T12:29:17Z"}, {"author": "Martin Thomson", "text": "dkg, I had a similar thought about third-party resources
", "time": "2022-03-21T12:29:19Z"}, {"author": "Chris Box", "text": "It's a little odd that in a previous slide a client was fetching content from a tracker, whose aim is of course to track and identify the client.
", "time": "2022-03-21T12:30:21Z"}, {"author": "Massimiliano Pala", "text": "could access networks help in any way in this \"coordination\" between parties view? Can your local network be a party here?
", "time": "2022-03-21T12:30:35Z"}, {"author": "npd", "text": "or the malware could choose a different destination IP address
", "time": "2022-03-21T12:30:39Z"}, {"author": "Martin Thomson", "text": "the malware would have to use the same traffic profile as a real page load, that's all
", "time": "2022-03-21T12:30:58Z"}, {"author": "dkg", "text": "npd: caching 3rd party resources also defends against tracking by the 3rd party itself.
", "time": "2022-03-21T12:31:05Z"}, {"author": "Martin Thomson", "text": "so same IP, not different
", "time": "2022-03-21T12:31:05Z"}, {"author": "Andrew Campling", "text": "+1 to understanding that network traffic analysis can be a good thing for the user as a defence against malware.
", "time": "2022-03-21T12:31:44Z"}, {"author": "dkg", "text": "surely the user's endpoint can identify malware with more robustness than any network observer?
", "time": "2022-03-21T12:32:26Z"}, {"author": "Martin Thomson", "text": "dkg: presumably the user's endpoint is compromised in this case
", "time": "2022-03-21T12:32:47Z"}, {"author": "Martin Thomson", "text": "of course, malware has a very easy job, it only has to be indistinguishable from a credible/plausible page load
", "time": "2022-03-21T12:33:09Z"}, {"author": "Martin Thomson", "text": "here, the defender is trying to make diverse content indistinguishable at the network layer
", "time": "2022-03-21T12:33:31Z"}, {"author": "David Schinazi", "text": "And malware can afford sending 4x the amount of traffic to defeat traffic analysis
", "time": "2022-03-21T12:33:55Z"}, {"author": "David Schinazi", "text": "Is this at the network layer or at the QUIC layer?
", "time": "2022-03-21T12:34:08Z"}, {"author": "Martin Thomson", "text": "David: exactly
", "time": "2022-03-21T12:34:10Z"}, {"author": "dkg", "text": "and it generally has access to the application layer
", "time": "2022-03-21T12:34:12Z"}, {"author": "Andrew Campling", "text": "@dkg: also the malware may be client software undertaking surveillance capitalism, communicating home and trying to do so without detection
", "time": "2022-03-21T12:34:14Z"}, {"author": "Martin Thomson", "text": "This is really network-layer information, though QUIC doesn't let much information past down to the network layer, aside from the sizing stuff Sandra talked about
", "time": "2022-03-21T12:34:42Z"}, {"author": "dkg", "text": "size and timing and destination
", "time": "2022-03-21T12:34:53Z"}, {"author": "Martin Thomson", "text": "right
", "time": "2022-03-21T12:35:00Z"}, {"author": "npd", "text": "even us remote attendees are real people :)
", "time": "2022-03-21T12:35:29Z"}, {"author": "David Schinazi", "text": "I understand network-level traffic analysis, but what are network-level defenses? If padding is happening on QUIC packets that needs to be inside the encryption for the MTU padding case
", "time": "2022-03-21T12:35:35Z"}, {"author": "dkg", "text": "Sandra Siby_web_519: thank you for this work, and bringing it here!
", "time": "2022-03-21T12:35:39Z"}, {"author": "David Lawrence", "text": "Time to get back into \"eat the mic\" habit?
", "time": "2022-03-21T12:35:42Z"}, {"author": "David Lawrence", "text": "Please tell him to get right up on the mic
", "time": "2022-03-21T12:36:36Z"}, {"author": "David Oran", "text": "still too quiet - can we increase the gain?
", "time": "2022-03-21T12:36:39Z"}, {"author": "Colin Perkins", "text": "still pretty quiet
", "time": "2022-03-21T12:36:41Z"}, {"author": "David Schinazi", "text": "He's very close to the mic, @meetecho can you increase gain?
", "time": "2022-03-21T12:36:56Z"}, {"author": "Andrew Campling", "text": "Perhaps remove mask when presenting?
", "time": "2022-03-21T12:36:56Z"}, {"author": "Chris Box", "text": "Not allowed in Vienna
", "time": "2022-03-21T12:37:29Z"}, {"author": "Robert Carolina", "text": "VERY quiet
", "time": "2022-03-21T12:37:39Z"}, {"author": "jhoyla", "text": "But he's pointing the mic at the ceiling , not at his mouth
", "time": "2022-03-21T12:37:47Z"}, {"author": "npd", "text": "@dkg caching third party resources across origins would be valuable in protecting against trackers, but also the fact that it's cached can be used as a way to track the user, so the trend is to partition network caches
", "time": "2022-03-21T12:38:14Z"}, {"author": "Shivan Sahib", "text": "how is the audio now? It seems fine to me
", "time": "2022-03-21T12:38:55Z"}, {"author": "Colin Perkins", "text": "relatively quiet, but usable
", "time": "2022-03-21T12:39:17Z"}, {"author": "Martin Thomson", "text": "npd: the partitioning of the cache in browsers is basically done: https://docs.google.com/presentation/d/1i7KvTtIS2JhAadQsdWLFpMzNmgXmUbXSfPuO_wYX6d8/edit#slide=id.g1135ef95135_0_110
", "time": "2022-03-21T12:39:27Z"}, {"author": "Meetecho", "text": "Working on it
", "time": "2022-03-21T12:39:31Z"}, {"author": "dkg", "text": "\"removing the last octet\" isn't great for IPv6
", "time": "2022-03-21T12:41:32Z"}, {"author": "Mirja K\u00fchlewind", "text": "Yes, thanks Sandra for this interesting research! (sorry remembered to joint the chat just now)
", "time": "2022-03-21T12:43:38Z"}, {"author": "Andrew Campling", "text": "GDPR is another reason why US-centric assumptions about behaviour of participants (eg network operators) do not apply in Europe
", "time": "2022-03-21T12:44:04Z"}, {"author": "Sandra Siby", "text": "hey everyone, thanks for the nice discussion on our quic work! we are indeed planning to look further into webpage resources -- reliance on third party resources + caching, and their impact on these attacks would be one of the those. another thing we've been considering is whether concepts like web bundling (bundling together all resources) would change something for the adversary
", "time": "2022-03-21T12:44:59Z"}, {"author": "Dirk Kutscher", "text": "Related work on GDPR and networking: https://dl.acm.org/doi/10.1145/3460417.3482979
", "time": "2022-03-21T12:45:20Z"}, {"author": "Chris Box", "text": "Lots of countries not yet in that table
", "time": "2022-03-21T12:46:29Z"}, {"author": "npd", "text": "+1, thank you Sandra
", "time": "2022-03-21T12:46:42Z"}, {"author": "Robert Carolina", "text": "@Chris Box: The numbers get pretty big expressed as %OECD
", "time": "2022-03-21T12:47:16Z"}, {"author": "Chris Box", "text": "Good to hear
", "time": "2022-03-21T12:47:26Z"}, {"author": "Robert Carolina", "text": "The clear outlier is USA
", "time": "2022-03-21T12:47:41Z"}, {"author": "npd", "text": "whoa, who has the ability to pan/zoom the camera in on the speaker? it's very helpful/professional
", "time": "2022-03-21T12:47:57Z"}, {"author": "Massimiliano Pala", "text": "A possible proposal would be a standard way for services to declare their compliance of specific laws.. this could be on a self-asserting basis, but it could be a useful way for users to filter services based on that information.
", "time": "2022-03-21T12:50:28Z"}, {"author": "dkg", "text": "masque and odoh are hardly ubiquitous today, though
", "time": "2022-03-21T12:50:37Z"}, {"author": "Massimiliano Pala", "text": "Extensions for website certificates could contain the list of privacy-compliance OIDs (OIDs to reference laws and frameworks)
", "time": "2022-03-21T12:51:22Z"}, {"author": "Robert Carolina", "text": "Very hard to declare \"compliance\" w GDPR at any given time. It's more like a scalar value than a binary.
", "time": "2022-03-21T12:51:23Z"}, {"author": "Mallory Knodel", "text": "I'm not sure I agree with that analysis of what GDPR says about data retention and protocols.
", "time": "2022-03-21T12:51:25Z"}, {"author": "npd", "text": "it seems very optimistic that these proxies/oblivious proposals will become universal
", "time": "2022-03-21T12:51:31Z"}, {"author": "Alissa Cooper", "text": "Good candidate for a living/evergreen document
", "time": "2022-03-21T12:54:38Z"}, {"author": "Robert Carolina", "text": "Followup on multinational data protection comment: I count at least 32 of 38 OECD members with GDPR-style data protections laws. USA is the biggest outlier.
", "time": "2022-03-21T12:55:12Z"}, {"author": "Jim Reid", "text": "@ Robert, it's much ickier than that. The DPAs in the EU have differing opinions on how GDPR is implemented and enforced nationally.
", "time": "2022-03-21T12:55:35Z"}, {"author": "Robert Carolina", "text": "@Jim - understood and agreed. FYI, I'm a lawyer in England - practicing in this field 30 years :-)
", "time": "2022-03-21T12:56:23Z"}, {"author": "Luigi Iannone", "text": "@Robert: AFAIK USA did not opt for a federal law, so we have to dig into states law.
", "time": "2022-03-21T12:56:34Z"}, {"author": "Jim Reid", "text": "Better you that me Robert. :-)
", "time": "2022-03-21T12:56:48Z"}, {"author": "Luigi Iannone", "text": "@Alissa, what do you mean by evergreen document?
", "time": "2022-03-21T12:57:35Z"}, {"author": "Robert Carolina", "text": "@Luigi: there are a patchwork of federal laws that I call \"use case\" laws - nothing general. A FEW states (California+) have started to adopt general laws that are like data protection, but not nearly as strong as GDPR.
", "time": "2022-03-21T12:57:42Z"}, {"author": "Andrew Campling", "text": "Mic It would be helpful to acknowledge that some censorship is good, eg malware blocking, parental controls
", "time": "2022-03-21T12:58:04Z"}, {"author": "Robert Carolina", "text": "+1 Jim :-)
", "time": "2022-03-21T12:58:05Z"}, {"author": "Luigi Iannone", "text": "@Robert: thanks
", "time": "2022-03-21T12:58:24Z"}, {"author": "npd", "text": "I would also be interested in learning about the IETF process for living documents, if there are links to be shared
", "time": "2022-03-21T12:58:28Z"}, {"author": "Andrew Campling", "text": "Perhaps \u201ccensorship\u201d isn\u2019t l
", "time": "2022-03-21T12:59:13Z"}, {"author": "Andrew Campling", "text": "always the best term, can be perjpr
", "time": "2022-03-21T12:59:23Z"}, {"author": "Andrew Campling", "text": "o
", "time": "2022-03-21T12:59:25Z"}, {"author": "Shivan Sahib", "text": "I don't think there is an existing process for living documents
", "time": "2022-03-21T12:59:34Z"}, {"author": "Alissa Cooper", "text": "There is no process AFAIK, but it is a topic that has been discussed many times over the years. I can try to dig up whatever the most developed proposal was that I can find.
", "time": "2022-03-21T12:59:46Z"}, {"author": "Andrew Campling", "text": "* pejorative
", "time": "2022-03-21T12:59:49Z"}, {"author": "Lars Eggert", "text": "@npd: there isn't a process yet - it's a topic that's been under discussion for some years, but afaik here hasn't been a proposal that would capture some of the better-defined used cases
", "time": "2022-03-21T12:59:52Z"}, {"author": "Lars Eggert", "text": "*all of the
", "time": "2022-03-21T13:00:05Z"}, {"author": "dkg", "text": "thanks, all!
", "time": "2022-03-21T13:00:05Z"}, {"author": "Gurshabad Grover", "text": "Thanks!
", "time": "2022-03-21T13:00:09Z"}, {"author": "Massimiliano Pala", "text": "thanks!
", "time": "2022-03-21T13:00:10Z"}, {"author": "dkg", "text": "Andrew Campling: i think you're sayng the quiet part out loud :/
", "time": "2022-03-21T13:00:31Z"}, {"author": "npd", "text": "I believe the current draft does not take a position that censorship is always bad or unjustified, just documents how actors in a position of power to censor communications have different techniques to do so
", "time": "2022-03-21T13:01:39Z"}, {"author": "npd", "text": "thanks chairs and presenters for a succinct and interesting session
", "time": "2022-03-21T13:03:16Z"}]