Re: [Masque] MASQUE detection through tracking trackers

Töma Gavrichenkov <> Tue, 05 November 2019 18:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 687C01201CE for <>; Tue, 5 Nov 2019 10:35:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cbP3pqr5BjUe for <>; Tue, 5 Nov 2019 10:35:04 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DFEE612085B for <>; Tue, 5 Nov 2019 10:34:56 -0800 (PST)
Received: by with SMTP id g17so350494ybd.13 for <>; Tue, 05 Nov 2019 10:34:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Wtg2Mj5B0Rj48zlhnsd4pCDD5HcTDCQc7jIuRwX4GNY=; b=cioB3Hl2gDczKmwLDzaDAghAuRvSXEC2dJ+91DmhIs7wM1icIegUAP278v+vPuqlK3 IR6kijgv5LUQX3byr9fwRxEtjg6kvrClI6apiBfYWbA/H39vTVXm/OkEaxj44S7v6KqC UZB6mjK2EOZaZP17pXW1SaSTOzTOy77dpvdzj7qXqE3QGd0HTYs4WEtLzX+4WGN3WO6+ 2BHhhM/n4bi2uG6lW5hrnMIAO1ScJU0ikOrwqWDO49LeZKQgvlADMDCUHpeExI4EZ70S Bzjv6elyJoM8ncNiuz4SPZs4+sCnL/K6FyGjPuSJizrSy7nhO7RwhWLC2p1QTNvqfsTD jl0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Wtg2Mj5B0Rj48zlhnsd4pCDD5HcTDCQc7jIuRwX4GNY=; b=Wp7W4yB2nG/5n8kJBqWdZeyOcVGJTROPclX2IN0xEexjh/QtsUzojJyD0clkNjlTGo hf+xTsyS/o+7GiZ2QPwomlWAZtZtJbBYLT333fPZ4dUMz0LAz8nKU8UryPMQrJGGh1BX N4EkiJgY/nPxaRYFISykdMZYMzUQ9PU8JeSWaBMLM40pMD9RflPyeii73pqzQQr74cTg qoU5YSCQUGQA1suYr6q7u0iiYZtGiDcL9u4jPihh83BXDgRuZNeKaIkjKiXqJsuaSyme 7sPw8aSQseJ7edHm2N/UfCf+MXFqmzRUNWaZsnqbZHR4V8gYJvve4LtI1vXXoT2uQXSR 1bDA==
X-Gm-Message-State: APjAAAXKiDyk4vbpDgVELDTNJUq9x5DH2GRwzh8CZ4nx3AlXushuuSBD h/J1BGryDvXljt983ldzhSejQ1qdZYLPCx/D2oM=
X-Google-Smtp-Source: APXvYqynmAnnmyhJK49U8xpO5UIV7w6HwQDILa2f5ZeP33DehFmRuRXTHX6H4x6Qn8JbDug2txLrO2ir3gy8pxT2EZs=
X-Received: by 2002:a25:a148:: with SMTP id z66mr30383660ybh.475.1572978895409; Tue, 05 Nov 2019 10:34:55 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <>
In-Reply-To: <>
From: =?UTF-8?Q?T=C3=B6ma_Gavrichenkov?= <>
Date: Tue, 5 Nov 2019 21:34:40 +0300
Message-ID: <>
To: Ted Hardie <>
Content-Type: multipart/alternative; boundary="0000000000004cd64b05969db0d8"
Archived-At: <>
Subject: Re: [Masque] MASQUE detection through tracking trackers
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Nov 2019 18:35:07 -0000


On Tue, Nov 5, 2019, 9:13 PM Ted Hardie <> wrote:

> Okay, so any system not configured to allow that just hard fails.
> Understood.

Yup.  A typical phone or a laptop isn't.  IDK how the IoT is being
processed, but I assume that's a pretty simple heuristics.

> The regulations require that when "data is collected, data subjects must
> be clearly informed <> about
> the extent of data collection, the legal basis for processing of personal
> data, how long data is retained, if data is being transferred to a
> third-party and/or outside the EU, and any automated decision-making that
> is made on a solely algorithmic <>
> basis." (from Wikipedia's summary)

IANAL, but the entity doesn't collect the data itself, so might be outta
scope of GDPR.

BTW, GDPR doesn't only work in EU, it works in every place on Earth where
an EU citizen could land.

> Interesting that it is mostly EU customers.

Argh!  My bad, that was an occasional ambiguity due to phone keyboard
suggestions.  No, the customers are outSIDE of EU.  Most of them, I assume.

>> Agreed; I cited it only to point out that it is currently out of scope.
> Traffic analysis that includes non-QUIC traffic would be particularly hard
> to address in the document anyway.

Too bad.  A dumb traffic analysis might be out of scope, but a complex
traffic analysis might render VPN research senseless.  Who needs a
perfectly secure communication protocol which could be easily detected and