We wrote earlier about Browser Fingerprinting, which makes it possible for websites to know who is visiting them. Website Traffic Fingerprinting, or traffic fingerprinting, is a similar method. It allows third parties to snoop on you and get an idea of what you do on the Internet. This article explains how that is possible and then discusses whether it is dangerous.
Website Traffic Fingerprinting
Website Traffic Fingerprinting is a method for determining when and what a user does on the Internet. The user may be using a proxy, a secure tunnel VPN, encryption, etc. However, it is still possible to determine the person’s Internet usage by snooping on the data packets traveling to and from the Internet.
Even the TOR Network (The Onion Router) says criminals can decode things being done by its users. In its blog, TOR said that data is encrypted and sent forward. We all know there are many nodes in the TOR network, so authorities cannot track the users. But then, website fingerprinting comes in. For TOR, the data packets are vulnerable until they reach the first node in the TOR network. This information can easily be obtained. If the authorities or criminals set up multiple nodes on the TOR network, data is likely to pass through them. When such things happen, the snoopers rip off the encryption to know where the data packets are going.
However, website traffic fingerprinting is not only about the TOR browser. It is about how people snoop on you to learn what you are doing on the Internet and how they use that information.
What motivates Website Traffic Fingerprinting
According to the TorProject,
“The exact motivation for this effort on behalf of the adversary is typically not specified, but there seem to be three possibilities, in order of increasing difficulty for the adversary:
- The adversary is interested in blocking specific censored webpage traffic patterns, while still leaving the rest of the Tor-like traffic unmolested (perhaps because Tor’s packet obfuscation layer looks like something legitimate that the adversary wants to avoid blocking). NOTE: You may replace TOR with any other encrypted traffic.
- The adversary is interested in identifying all of the users that visit a small, specific set of targeted pages.
- The adversary is interested in recognizing every single web page a user visits.”
How does Website Traffic Fingerprinting work?
Website traffic fingerprinting, or simply ‘traffic fingerprinting,’ works on the client end. That is, snoopers study the data packets entering and leaving a website. As said earlier, it could just be a marketing guy interested in knowing what types of websites get more views—or it can be some authority tracking your moves even if you try a proxy, VPN, or other forms of secure browsing.
How data leaves and enters a website says much about what is being viewed, buffered, or downloaded. If the data packets are huge and the time interval between releases is long, it indicates that the user is on some video site.
Likewise, if the data packets are pretty small and leave the website at very short intervals, it could be an email website or someone just reading a website.
Based on these patterns, one can understand what is going on. But they can’t know about the specific data being transferred unless they break the encryption.
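The size-and-timing reasoning above, as an added example that is not from the original article: a Python sketch that labels constructed traces using only packet sizes and arrival times, never the encrypted payload. The thresholds, function names and sample traces are assumptions chosen for illustration.

```python
from statistics import mean

# Illustrative thresholds (assumptions, not from the article or any tool).
LARGE_BYTES = 1000   # mean size above this counts as "huge" packets
LONG_GAP_S = 0.5     # mean gap above this counts as a long interval


def features(trace):
    """Reduce a trace of (timestamp_s, size_bytes) pairs to the two
    observable features the article describes: size and time between packets."""
    if len(trace) < 2:
        raise ValueError("need at least two packets to measure an interval")
    trace = sorted(trace)  # captures can arrive out of order
    sizes = [size for _, size in trace]
    gaps = [b[0] - a[0] for a, b in zip(trace, trace[1:])]
    return {"mean_size": mean(sizes), "mean_gap": mean(gaps)}


def classify(trace):
    """Coarse activity guess from metadata only; the payload is never read."""
    f = features(trace)
    big = f["mean_size"] > LARGE_BYTES
    slow = f["mean_gap"] > LONG_GAP_S
    if big and slow:
        return "video-like"         # huge packets, long interval
    if not big and not slow:
        return "mail/reading-like"  # small packets, short interval
    return "unknown"                # pattern matches neither description


# Constructed sample traces (not real captures).
VIDEO_TRACE = [(0.0, 1448), (2.0, 1448), (4.1, 1448), (6.0, 1400), (8.2, 1448)]
MAIL_TRACE = [(0.00, 120), (0.05, 310), (0.11, 90), (0.15, 260), (0.21, 140)]
MIXED_TRACE = [(0.00, 1448), (0.02, 1448), (0.04, 1448), (0.06, 1448)]

if __name__ == "__main__":
    for name, t in [("video", VIDEO_TRACE), ("mail", MAIL_TRACE),
                    ("mixed", MIXED_TRACE)]:
        print(name, features(t), classify(t))
```

The third trace shows the limit of such coarse rules: large packets at short intervals match neither description, so the label is "unknown".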
Dangers of Website Traffic Fingerprinting
The only danger is that website traffic fingerprinting might destroy your identity. It won’t steal your data in any way if you are using a VPN or other forms of encryption. The main purpose is to understand the user and his/her interests on the Internet. The method is mainly used for encrypted packets to check if something illegal is happening. I do not think it can be used for anything else. There is no need to panic if you are using encrypted connections.
The above is my take on Website Traffic Fingerprinting. If you feel like adding something, please do.