It's well known that web clients are easy to fingerprint, and you can see that the same is true for other protocols like email and BitTorrent. This begs the question: which protocols aren't easy to fingerprint? Specifically, protocols possessing multiple client implementations (e.g. not freenet) that support upload and download functionality necessary to build an anonymous service.
Asked
Active
Viewed 170 times
2 Answers
1
Fingerprinting of clients is not caused by the protocol itself, but by distinguishing different implementations of the protocol and by using features outside the application protocol. For example fingerprinting a web client can be roughly done based on the HTTP request headers since the HTTP standard allows a wide variety of implementations. But more granular fingerprinting is actually done outside of the HTTP protocol, by interacting with the browser using Javascript.
Thus, the protocol most resistent to fingerprinting is a protocol with a very strict definition and no useless flexibility (like order of headers, case of headers etc). This can be best achieved with a very minimal single-purpose protocol. It can also be achieved with a single protocol implementation shared by all clients.
But this contradicts the usual approach or having extensible protocols and adding features later. Once this is done the clients can be fingerprinted by the features they support and by specific ways the interpret a weakly defined protocol standard. And this ignores features outside the actual protocol, like specific timing, OS specific differences etc.
Steffen Ullrich
- 184,332
- 29
- 363
- 424
-1
It is almost impossible to be resistant to fingerprinting the software version. (example from identifying TCP stacks: What error code does it send, when the other side does two invalid things at the same time?)
The interesting question is whether it is possible to fingerprint the user.
manduca
- 1,111
- 7
- 10