this post was submitted on 28 Sep 2025
-5 points (30.8% liked)

On F-Droid and Droid-ify there is a very useful app called MockTraffic (all one word). This will increase your privacy by protecting you from ISP web traffic analysis. It does this by generating fake DNS and HTTP requests.

Imagine you have 4 cars in a parking lot and you told someone to find them. It would be easy if it's only those 4 cars. But now add hundreds of cars to that same parking lot and tell them to find them. Difficulty spike.

tal@olio.cafe 3 points 1 day ago* (last edited 1 day ago) (1 children)

> This will increase your privacy by protecting you from ISP web traffic analysis. It does this by generating fake DNS and HTTP requests.

If you're the kind of attacker in a position to be doing traffic analysis in the first place, I suspect that there are a number of ways to filter this sort of thing out. And it's fundamentally only generating a small amount of noise. I suspect that most people who would be worried about traffic analysis are less worried about someone monitoring their traffic knowing that it's really 20% of their traffic going to particular-domain.com instead of just 2% of their traffic, and more that they don't want it to be known that they're talking to particular-domain.com at all.

For DNS, I think that most users are likely better off either using a VPN to a VPN provider that they're comfortable with, DNS-over-HTTP, or DNSSEC.

HTTPS itself will protect a lot of information, though not the IP address being connected to (which is a significant amount of information, especially with the move to IPv6), or analysis of the encrypted data being requested (which I'm sure could be fingerprinted to some degree for specific sites to get some limited idea of what a user is doing even inside an encrypted tunnel). A VPN is probably the best bet to deal with an ISP that might be monitoring traffic.

There are also apparently some attempts at addressing the fact that TLS's SNI exposes domain names in clear text to someone monitoring a connection, so someone may not know exactly what you're sending, but knowing the domain you're connecting to may itself be an issue.

In a quick test, whatever attempts to mitigate this have actually been deployed, SNI still seems to expose the domain in plaintext for the random sites that I tried.

$ sudo tcpdump -w packets.pcap port https  

<browses to a few test websites in Chromium, since I'm typing this in Firefox, then kills off tcpdump process>

$ tshark -r packets.pcap -2 -R ssl.handshake.extensions_server_name  

I see microsoft.com, google.com, olio.cafe (my current home instance), and cloudflare.net have plaintext SNI entries show up. My guess is that if they aren't deploying something to avoid exposure of their domain name, most sites probably aren't either.

In general, if you're worried about your ISP snooping on your traffic, my suggestion is that the easiest fix is probably to choose a VPN provider that you do trust and pass your traffic through that VPN. The VPN provider will know who you're talking to, but you aren't constrained by geography in VPN provider choice, unlike ISP choice. If you aren't willing to spend anything on this, maybe something like Tor, I2P, or, if you can avoid the regular Web entirely for whatever your use case is, even Hyphanet.

There are a multitude of ways to do something. What I was naming is just another. I've been running MockTraffic for about 3 hours and it has sent over 2800 mock requests. That is a lot of noise.