[tor-talk] What the NSA cares about getting and defenses

Watson Ladd watsonbladd at gmail.com
Tue Oct 8 02:13:26 UTC 2013


Prompted by the Ars Technica reporting on QUANTUM, I took a look at the
slide and read the text, and compared it to the MULLINIZE document
describing NAT breaking. My conclusion is that the NSA obtains significant
amounts of information from user activity in between closing browsers, and
that the current Tor Browser Bundle remains vulnerable to this attack.

QUANTUM appears to rely on inserting fake references to third-party assets
and manipulating cookies in the requests made by the browser in response. I
propose that we block third-party cookies unless over HTTPS to mitigate
this problem, and try to encourage users to use more frequent new
identities.

MULLINIZE achieves the reliable tracking of individual users behind a NAT
through similar tricks. It is clear that the NSA views this information as
valuable, even without real-world addresses to tie to it. Linkability
across pages is difficult: breaking sessions is a major cost of the obvious
no-cookies approach to preventing this sort of attack.

Sincerely,
Watson
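
The mitigation proposed in the message above (no third-party cookies unless the request is over HTTPS), sketched as an added example that is not part of the original post and is not Tor Browser code. The function names, the plain-object request/response shapes and the `.example` hosts are assumptions made for illustration, and "site" is approximated by the last two host labels where a real browser would consult the Public Suffix List.

```javascript
// Added example: "block third-party cookies unless over HTTPS".
// ASSUMPTION: site = last two host labels (a browser would use the
// Public Suffix List to find the registrable domain).
function siteOf(urlString) {
  const host = new URL(urlString).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// Decide whether cookies may be sent with, or accepted from, a request.
// topLevelUrl: page in the URL bar; requestUrl: the asset being fetched.
function cookiePolicy(topLevelUrl, requestUrl) {
  const req = new URL(requestUrl);
  const thirdParty = siteOf(topLevelUrl) !== siteOf(requestUrl);
  if (!thirdParty) return { allow: true, reason: 'first-party' };
  if (req.protocol === 'https:') {
    return { allow: true, reason: 'third-party over HTTPS' };
  }
  return { allow: false, reason: 'third-party over cleartext' };
}

// Remove one header (case-insensitive name match) from a header map.
function stripHeader(headers, name) {
  return Object.fromEntries(
    Object.entries(headers).filter(([k]) => k.toLowerCase() !== name));
}

// Apply the policy in both directions: drop Cookie on the way out and
// Set-Cookie on the way in (hypothetical shapes, not a browser API).
function filterExchange(topLevelUrl, request, response) {
  const verdict = cookiePolicy(topLevelUrl, request.url);
  if (verdict.allow) return { request, response, verdict };
  return {
    request: { ...request, headers: stripHeader(request.headers, 'cookie') },
    response: { ...response, headers: stripHeader(response.headers, 'set-cookie') },
    verdict,
  };
}

// Constructed sample: a cleartext page fetching a cleartext asset from
// another site, the case the proposal is meant to cover.
function demo() {
  return filterExchange(
    'http://news.example/story',
    { url: 'http://ads.tracker.example/p.gif',
      headers: { Cookie: 'id=abc', Accept: '*/*' } },
    { headers: { 'Set-Cookie': 'id=abc; Path=/', 'Content-Type': 'image/gif' } });
}
```

First-party cookies are left untouched, so the policy does not break sessions on the site being visited.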

