Re: A question about user tracking with QUIC
Mirja Kuehlewind <mirja.kuehlewind@ericsson.com> Wed, 14 July 2021 17:07 UTC
Return-Path: <mirja.kuehlewind@ericsson.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1303F3A259C for <quic@ietfa.amsl.com>; Wed, 14 Jul 2021 10:07:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_n6NNgy9r7D for <quic@ietfa.amsl.com>; Wed, 14 Jul 2021 10:07:38 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2072.outbound.protection.outlook.com [40.107.21.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA7F63A259B for <quic@ietf.org>; Wed, 14 Jul 2021 10:07:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HO3EK76qYSVf4Kdb7bthEb6vCt9A23BAEu/e5jM5kq/3F9Hco7PJToT/z+pz0V80Dr8RGWtYsUJdawGFh+O+jSKsKedA4NC7JU501FRZwVKZV6UpgAJJAiAMBovpPcOLGeVKE6XDF885gmXS6Um0nV5P1AL7fwDM/R6kEnmOklOVMLKtZGqcKmaojMCXVa4BMscFAw40DvHzDhrd93dgm5vWM0I4cThrJf3FwRrFocY/e+QxrWkSbcUvqqjaQQcU8xUbbrJF83zCjLUZTCUF5bEmujzSdXIDZ52SsRE3NODvpcxYbKnobo9wJII/+mJ07GYyHpozq0h5WLvOxaxFNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LNPVONbyFc5Y6BMRPphTZGFAaovivWsNFRaWsVxJAiQ=; b=IAwGQabADC8cohTVP4o3a/V2/9ysURK0ovgG4DL2VFzFw17TKdjpU33z7LJyGLI4iThjLDLkD1ha43L/8TMHyvE3MslFefCcZiMmsyO2rXSRfu2AHstJiKNpDMaue+G8KDoP8K0WI2LmUNvJkbzO6zrjrriYhW566AMSW+Ydch81DoUwd7o/B3XdO0fc4iHnPQku663bsaWD8u00yHcHCF/WYvPuIPJQHnIVRQ7Z7diqLJNFiFEGN9+b83FZOq5KIvcEFJC5E/F6VAEA2i9IsqEEr5v4hj4If4GM/sENettk+hy/aTKddoP/fAkSw/75eq9y+AARZYcbb7cu0ava4w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LNPVONbyFc5Y6BMRPphTZGFAaovivWsNFRaWsVxJAiQ=; b=GNHxV5Wloy4ZeB78ppXDC9NtDn7gaf4pCKFxG0qP4NQwDbYU8+dBdHw2og85jr/079lwCs8vYVkSt9S9UR+ScYrWHMp8qbCxxUY2p9aK7K55RwMStDsR43kZ8KlHDAsxDPgrR7vBXzDFTFu7BpMl3k/5U0ikOKtJ6L7jbrrsC3Q=
Received: from DB9PR07MB7804.eurprd07.prod.outlook.com (2603:10a6:10:26d::21) by DBBPR07MB7563.eurprd07.prod.outlook.com (2603:10a6:10:1e3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.11; Wed, 14 Jul 2021 17:07:35 +0000
Received: from DB9PR07MB7804.eurprd07.prod.outlook.com ([fe80::869:6009:74d6:b3ea]) by DB9PR07MB7804.eurprd07.prod.outlook.com ([fe80::869:6009:74d6:b3ea%4]) with mapi id 15.20.4352.008; Wed, 14 Jul 2021 17:07:35 +0000
From: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
To: Mirja Kuehlewind <mirja.kuehlewind=40ericsson.com@dmarc.ietf.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>, IETF QUIC WG <quic@ietf.org>
Subject: Re: A question about user tracking with QUIC
Thread-Topic: A question about user tracking with QUIC
Thread-Index: AQHXW5onDSMH9yANmE60L/JCGqHLOqtDDemAgAAB4wA=
Date: Wed, 14 Jul 2021 17:07:35 +0000
Message-ID: <BE58A2D5-1D45-4102-8F0B-31A45AFB05DF@ericsson.com>
References: <20210607123854.GA16312@nic.fr> <C0EFE417-EB96-4760-B416-A35C1114138A@ericsson.com>
In-Reply-To: <C0EFE417-EB96-4760-B416-A35C1114138A@ericsson.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21041102
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6f7891d7-7698-414a-610d-08d946e9e037
x-ms-traffictypediagnostic: DBBPR07MB7563:
x-microsoft-antispam-prvs: <DBBPR07MB7563F46A654F03E9266D15D2F4139@DBBPR07MB7563.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ydVdSqj4tETrnonFqLBU4fOyJQpMFVzGULmZJbjcXO2hS/oiY3swxs9w7jXQVB8FG7XuMbSbCSts6OL44PU7yw3pOWMlo3thU/G3h4RLtZ9d/AlDDOyZ2nqtwfVRx85xmVO0OZ1Cyv5u6SbfL8HQFd0Uhm5ZdLD0CQ3z1Z+S4LzLl+eosfd7clch/a6kjNYus5XUXl8bnt1poKoMfQ+QjJgzNHKxfefOUd59JUDB76rhaQqU/doWO0v1l6JL49EoH4HS7iPIzMl/NfMwzhHAKRgPJwwqCjqm5et8+eqokBL7ppIxOhnKFNrKL+cU9AklsUFafbXsVJrRganJVJOXCN6YP/kzRKijJwNabpYFMHU6AfGHBlNUZnl+KaGIRmarxinq+o0PUQF/4cTydCo9n01L++MkA/MwdZmnfxezq8Xu4cgq7/hcayu2cupfUVFqWsAspgxqNfH14UU7RJpFvqEn2eFRxbIecsi3muNBUYMN0HDaYZjwaFYlDddHVz7NKMXeAWNbXmhgl+Em3C9lA/LTvQF/Z/PcWX/AztaiVA4XYObTGHIHm6Dt3n3I4Kzg97wUscQ33n++vz0DPH7nkcOSg3PAqcpT8QSLy4awys+euKz01a8AvJ9UboxmzftvGXv/M0undjdrSs5v7hHNx9eNXaYu5UAxXlUp8ELeBmb/UJfvC4TTlOGDRXQCNoVMGMtG9ILP9D8X58Q200FW2CRiE2FSlxA+q1sCUuR1McIDfcbMCenwq8I7ApxlUy2nwrF9S9AS7XfH4phC+FKHUh3P+6pa0oN8VV6HgLGpqtkw4hkhJhX4r9MZmeWbvGmD
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9PR07MB7804.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(346002)(366004)(376002)(396003)(39860400002)(66946007)(38100700002)(6506007)(2616005)(66476007)(66574015)(33656002)(86362001)(36756003)(2906002)(53546011)(122000001)(966005)(186003)(316002)(83380400001)(76116006)(478600001)(64756008)(5660300002)(8936002)(66556008)(66446008)(91956017)(110136005)(44832011)(8676002)(6512007)(6486002)(71200400001)(38070700004)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /2IbyKlfQJzI89SspP9a8W6f7n978f3Hf+w5HHIfeqwfbn9eJmDo0ez9fDcCmolf27FsGaJ5VjVr5G9hc9dfXHAGl3cnEZe/wQBhq25ffyhwunXk/U2u+LgylxwWs2Ohwx+2NZxPVxyrnixXNX+KwXiJs/8nNkfxqugKDSkSvLYLPKDQsG5hiN/rSj7N4QTpXP5dD8z3E1mH6FUqZ13b1ECyRJStpHTgb1SH68kAH+Hiqg0iSJNy09AUOGlWbaSHTSC/oINIxj2vfKffpcq7pJcLGITvL0TFh/Px5RUhcgzmZwwesvN5BXHMSLLjYAj1sXLPyf5qjsnJQV8v9PLYB6P58SFKmt97HD9FeOOuLz/kr5TQaMXOMOO+qksTaBLms3jVJfoY3XYjWi/XSieAS8vzqoU+b8SLebJg1ObiA4Nn8UIjsm0ufVzYq+7rwQTcczYSB6j3YDBY1tx3TfsZqvI8dQjfHFhJfhVLEEleUwAkJm2OU4aADW+rDV4AeMPWGNc6qLqNmgN11VXKuzQZ5JF36XBOpl9AtqtI0tENJ23UF2dMVo6Q00nqkcb/0/ZRlxjQLZRWUbXJZcHiPWZB/rYMSTHTEILmQyF2/sHIOCFUFOTCZJz/B11u05d7GnPPR6hxGkILGUpMwg4gA3RD7mwbDgibgKtUcX9daNYR4cC94706BZoBXa1Isljlm2UFZS/zWJ48f0SfiVLi7qeNSrO096aQjDEqkDs4yALYIkhi0TM3HAKribre9az2ED1MYJVq+nTBECSgv+rVt+JIScrLyKuCqgFO0W96VrfcRDD0l+Y8mZmejx6ozgr/eAijlRZqEjxNDpU+EZQ5IFK6LAlVpEspWOckVRfVUY1432gvhRAzfGDwQd9ejm3AinZA4UpOqTilcktyoY6pPxZ77jMQHuZKF0gz8Hn1+3DQK4BfqpG7qE+G50iNCgi+OwEAHv28ucliwZ/cjx82WjaotViDo+cGCJvd9k6rAcXX7Gb62t5I3YJXRlx4unm+LrAXe+zfUaMB07SIrtcc9+2L44zm+/l4T4LrRQYowJqjZV1TJ+Y8uVpwGB2mRwosRiiJVYQyY9MLpgM30MtirPVLF9PKtSZIWsCJ4W12MwvhBIQi+FrxDqZB9tld5+/sTa/9z7k+YpFL+8aAlnuv26XFbi7ObapJNFMb1cZKBMo6pkq7zkHznj3hC2n02y4MtLxvPpJPZgMYEtIVZQoWu1Cq738br7Bx94j7VqKiXrVujc/pBjhyyqk8d3i8wTyuQqG1pf0N4gbLKQBBgpOtd8U/x5zRZ1NXH71e4nxbhbDiFnMTOWZ8dJh00EdQ5lueWa3NzTYv6UCKBcf6SoYzr8Vq+Yh5WU4wbxAmg8QzUTfIGkTJFMtmIi5gKBr/MmESQqxr
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <E2FA88FF6CB3CC4DB5B0A20D32AE4F77@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB9PR07MB7804.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f7891d7-7698-414a-610d-08d946e9e037
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jul 2021 17:07:35.2337 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: hyN5QT5murZNt7rcnp/FQxqleJCjHGWGBrMS7+CLy+KcWZB3qhtWdLv8o3thtmHBB+YrtJb5Dxv/NrM+LMS1hmf+AXP7TtoaP7y5ZSB6svk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR07MB7563
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/AlU3Er7GM1Wkew3wy6p9ZZzO614>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 17:07:43 -0000
Okay, I have to admit that I don't know who to use my mail client correctly and I've now seen that there are many replies. However, I hope the pointer to the manageability draft is still somewhat helpful... On 14.07.21, 19:01, "QUIC on behalf of Mirja Kuehlewind" <quic-bounces@ietf.org on behalf of mirja.kuehlewind=40ericsson.com@dmarc.ietf.org> wrote: Hi Stephane, I just found this older mail and didn't really see a reply, so here a quick note: You are right that it's really hard to avoid tracking completely, just because if one flow stops sending to server but that the same time another flow starts sending with the same "speed" it likely that it is actually the same flow. Maybe a few notes on this are in the manageability document here: https://datatracker.ietf.org/doc/html/draft-ietf-quic-manageability-11#section-3.5 Not sure what else to say... Mirja On 07.06.21, 14:39, "QUIC on behalf of Stephane Bortzmeyer" <quic-bounces@ietf.org on behalf of bortzmeyer@nic.fr> wrote: I was thinking about the privacy risks of QUIC and there is one where I'm not sure what to think of it, and for which I cannot find any discussion in the archives of the WG. Long-term QUIC connections may enable some user tracking, even when the user changes its IP address, without even needing HTTP cookies or things like that. I am not sure it is a real problem in practice because it's not new (HTTP/2 offered similar possibilities), there are many other ways to track users (HTTP cookies, browser fingerprinting, Google Analytics), and they even work cross-servers. But it can be a problem for privacy-oriented technologies (QUIC cannot currently work over Tor but may be in the future?) I do not find discussions about that. Was it considered? (If so, you are welcome to reply "Search with mailarchive yourself" but I prefer if it comes with URLs and/or approximate datetimes.) Is it, for instance, a good idea to advise privacy-oriented clients to always shut down QUIC connections when IP address changes?
- Re: A question about user tracking with QUIC Robin MARX
- A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Christian Huitema
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Töma Gavrichenkov
- Re: A question about user tracking with QUIC Roy T. Fielding
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Spencer Dawkins at IETF
- Re: A question about user tracking with QUIC Christian Huitema
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Spencer Dawkins at IETF
- Re: A question about user tracking with QUIC Christian Huitema
- IETF hosting vs. Github Stephane Bortzmeyer
- Re: IETF hosting vs. Github Willy Tarreau
- Re: IETF hosting vs. Github Lars Eggert
- Re: IETF hosting vs. Github Willy Tarreau
- Re: A question about user tracking with QUIC Behcet Sarikaya
- Re: A question about user tracking with QUIC Roberto Peon
- Re: A question about user tracking with QUIC Mirja Kuehlewind
- Re: A question about user tracking with QUIC Mirja Kuehlewind