[tor-dev] Pluggable-transport implementations of your website fingerprinting defenses

David Fifield david at bamsoftware.com
Mon Nov 10 17:59:52 UTC 2014

On Sun, Nov 09, 2014 at 08:23:33PM -0500, Xiang Cai wrote:
> I started to work on csbuflo code a long time ago, and I wasn’t using any
> version control software back then, so I don’t have file commit history either…
> Sorry about that.
> However, I only modified several core files based on openssh-5.9p1 source code:
> clientloop.c
> serverloop.c
> packet.c
> misc.c
> and related header files. A simple diff between these files and the original
> ssh code will tell you what I modified.
> I am not sure if the code is directly useable for your purpose, but I’ll
> briefly talk about what my code does, and hopefully, it will give you some help
> when reading the code. 
> The code actually implements the Glove system, which requires that both the
> client and server have a transcript of “super traces”. — I believe the location
> of the transcript is hardcoded as ‘/var/tmp/st.txt’ in my code …
> When visiting a website that is not shown in the transcript, the system falls
> back to use CSBuFLO scheme.

I see. Thanks for the references.

Building this code into a pluggable transport would be more work than I
had originally supposed. If there were a minimal network client and
server, only implementing the website fingerprinting defense, then I
wouldn't mind spending half a day to make them into a pluggable
transport. But as it stands, it looks like it will be more work,
essentially a reimplementation.

David Fifield

More information about the tor-dev mailing list