IETF Logo Mail Archive

Re: A question about user tracking with QUIC

Robin MARX <robin.marx@uhasselt.be> Mon, 07 June 2021 12:47 UTC

Return-Path: <robin.marx@uhasselt.be>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 967C53A13F8 for <quic@ietfa.amsl.com>; Mon, 7 Jun 2021 05:47:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=uhasselt.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXHZSQ5DF3tS for <quic@ietfa.amsl.com>; Mon, 7 Jun 2021 05:47:00 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E1F3A1409 for <quic@ietf.org>; Mon, 7 Jun 2021 05:47:00 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id k5-20020a05600c1c85b02901affeec3ef8so2248513wms.0 for <quic@ietf.org>; Mon, 07 Jun 2021 05:46:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uhasselt.be; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SgEuH4dOvmWmYQQSBApJbQRjZ4043rJ365qbQi5v6uE=; b=nNQ1MUCloLUtw4sOaR3FJqH5wT2QGnhKorOmfHTAu7cOPw8kyD8e20RSD+xda0z/Cp Oy0pV2OUocPLlfgW5gibaZBTeeindXOp7LKkW6eCqdvE2V7MmviCf8HX2Y5SzvrzIqGJ hdg/MkltdAckn1vX5T9opn+RdeAfAyhZmWofA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SgEuH4dOvmWmYQQSBApJbQRjZ4043rJ365qbQi5v6uE=; b=n0Iw9mf9fizhDBBFJ8YOU2co8Ms/Zr4DrPtq4nbiUmSWVzxn2jQ/gpEw+DcK4USzzU M72Mo+W8tWq0KQ/KMXV1pltHM6kkvZCqQGJqKYbgc5tuizWXXPhV4kD3nCiciE+GTClo 5VEUCNBlvAjsQjPUB5E8MykoeF7rj/kgHke4HIQJyu084GFgL5W5U68vfMTCm3Q2q+pq 5So5CQTcZzysyHHmNFo1rzytYC79VhpWZMYrSjhn1/eXnbgMp4EjTmh11manSm2hEvW3 guR+fBsxFyigqBP1lTuKyvloV2aHb2MchqCb673/YhPXwoa/Kxk+WwcJ/0ZG71ayg81G xuvw==
X-Gm-Message-State: AOAM530WbCMdqO6vEDplSbpGSwlrkAc4jMQbPKCJKGfyTuW7+ZFHWo46 24f/YjiHz5EO7Np9bZXMkgi7bzApkkcGrHZlm2jIkOdmFU6rEw==
X-Google-Smtp-Source: ABdhPJzlUl48enfITdN4I0RUekE7bKU2gyhCwZ2zU2DEYsWy+mwYId2ZorC5OEsnBb4iQQpjyzttL0y+0yowatKbhzg=
X-Received: by 2002:a1c:2985:: with SMTP id p127mr16795888wmp.165.1623070016705; Mon, 07 Jun 2021 05:46:56 -0700 (PDT)
MIME-Version: 1.0
References: <20210607123854.GA16312@nic.fr>
In-Reply-To: <20210607123854.GA16312@nic.fr>
From: Robin MARX <robin.marx@uhasselt.be>
Date: Mon, 07 Jun 2021 14:46:32 +0200
Message-ID: <CAC7UV9bkqOeCgDsCH+Hdq0v=zmRKNNDtpfiq6Ap_vzm5zUzGVg@mail.gmail.com>
Subject: Re: A question about user tracking with QUIC
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000caa2bc05c42c6fc4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/1Lciv9nE4AfP6-vnvwi8wdLg0-8>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 12:47:06 -0000

Hello Stephane,

Could you give more (technical) details why you feel long-lived QUIC
connections can allow user tracking, and specifically in the IP-switching
case?

For an on-path attacker observing encrypted QUIC (at one vantage point),
they shouldn't be able to (easily) correlate migrated QUIC connections as
the Connection IDs change during (active) migration.
For an attacker with access to the decrypted payloads, I'm not sure how
QUIC differs from TCP or H3 differs from H2 in your view?

With best regards,
Robin

On Mon, 7 Jun 2021 at 14:39, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> I was thinking about the privacy risks of QUIC and there is one where
> I'm not sure what to think of it, and for which I cannot find any
> discussion in the archives of the WG.
>
> Long-term QUIC connections may enable some user tracking, even when
> the user changes its IP address, without even needing HTTP cookies or
> things like that.
>
> I am not sure it is a real problem in practice because it's not new
> (HTTP/2 offered similar possibilities), there are many other ways to
> track users (HTTP cookies, browser fingerprinting, Google Analytics),
> and they even work cross-servers. But it can be a problem for
> privacy-oriented technologies (QUIC cannot currently work over Tor but
> may be in the future?)
>
> I do not find discussions about that. Was it considered? (If so, you
> are welcome to reply "Search with mailarchive yourself" but I prefer
> if it comes with URLs and/or approximate datetimes.) Is it, for
> instance, a good idea to advise privacy-oriented clients to always
> shut down QUIC connections when IP address changes?
>
>
>
>
>
>

-- 

dr. Robin Marx
Postdoc researcher - Web protocols
Expertise centre for Digital Media

*Cellphone *+32(0)497 72 86 94

www.uhasselt.be
Universiteit Hasselt - Campus Diepenbeek
Agoralaan Gebouw D - B-3590 Diepenbeek
Kantoor EDM-2.05

v2.23.0 | Report a Bug | By Email