In order to prevent websites from fingerprinting with network traffic recordings (of single servers and/or exit nodes), there would have to be a bunch more implementations at the network-protocol level.
In my opinion, TLS itself is not secure enough to preserve anonymity because of the threat actor (ISP/gov) being able to have recordings of "when and what" is being requested in which Browser Engine on their tracked websites. They tend to scrape websites and have recordings of the time differences between when the assets of a website are requested, and there are differences between WebKit, Chromium, Edge, Firefox etc. in regards to CSS, HTML, images etc., also in terms of TLS fingerprints and how their TCP/UDP stacks behave.
I wish that Tor would have support for a couple more things that are necessary to really preserve privacy from the god's eye perspective of an ISP:
- Randomization of the TLS fingerprint, in the sense that the order of offered ciphers in the handshake, the TCP window size etc. are randomized.
- Traffic scattering (e.g. have multiple exit nodes that are selected via a round-robin to request the resources from each website)
- Traffic "trailing", which inserts a random amount of NULL bytes at the end (with randomized encodings, e.g. chunked encoding, gzip Transfer-Encoding, etc.)
- Offline cache for HTTP/S, DNS and WS/WebRTC in the Browser, so that websites continue to work when they've been requested already. A lot of the Browser cache mechanics are useless because webservers are implementing stupid understandings of ETags which won't work with Tor due to them being connection-specific.
- Cache headers have to be modified by the Tor proxy, because they can be abused for fingerprinting. ETag and Last-Modified date headers in combination with the Pragma/Cache headers can be used to uniquely re-identify Browser clients on the other end (e.g. by using a fixed datetime in the past for each new client like 1970-01-02 03:04:05).
- User-Agent headers have to be randomized and sticky to Tabs and to what the website in those Tabs requests, even when they're seemingly foreign domains; but even more so when those domains have a CNAME entry.
In the past I implemented a lot of the mentioned concepts into the Stealth prototype [1] which aimed to solve this by offering a local Proxy which routes/modifies/cleans network traffic and can be used by a webview that points to it (no matter whether it's a mobile or desktop one); but I had to shift focus with my efforts to cyber defense because we Europeans are getting hit by a lot of "Kremlin-loving hacker groups". At some point I wanted to revisit these ideas again, but who knows what the future holds.
[1] https://github.com/tholian-network/stealth
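The cache-validator re-identification described in the post (an origin handing each new client its own ETag and a Last-Modified date just after the epoch, then recognising the client when the browser echoes them back), together with the proxy-side header rewriting the post asks for, as an added example that is not part of the original comment or of the Stealth project. The origin, browser and proxy models, the `example.invalid` host and the year-2000 cut-off in the heuristic are all constructed for illustration.

```python
"""Cache validators as a tracking cookie, and a proxy that strips them (constructed example)."""
import itertools
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Response headers whose values an origin is free to choose per client.
VALIDATOR_RESPONSE_HEADERS = {"etag", "last-modified"}
# Request headers that echo those values back on the next visit.
VALIDATOR_REQUEST_HEADERS = {"if-none-match", "if-match", "if-modified-since", "if-unmodified-since"}


class TrackingOrigin:
    """Constructed model of an origin that abuses cache validators instead of cookies.

    A client without validators gets a fresh numeric id, encoded both as the ETag and as a
    Last-Modified date a few seconds after 1970-01-01; a client echoing the ETag back in
    If-None-Match is recognised as that id.
    """

    def __init__(self):
        self._ids = itertools.count(1)

    def handle(self, request_headers):
        low = {k.lower(): v for k, v in request_headers.items()}
        if "if-none-match" in low:
            client_id = int(low["if-none-match"].strip('"'))
            return client_id, {"Status": "304 Not Modified"}
        client_id = next(self._ids)
        stamp = datetime.fromtimestamp(client_id, tz=timezone.utc)
        return client_id, {
            "Status": "200 OK",
            "ETag": f'"{client_id}"',
            "Last-Modified": stamp.strftime("%a, %d %b %Y %H:%M:%S GMT"),
            "Cache-Control": "private, max-age=31536000",
        }


class SanitizingProxy:
    """Constructed model of the local proxy: never lets a validator reach or leave the browser."""

    @staticmethod
    def sanitize_request(headers):
        # Drop every conditional header so a previously issued validator is never replayed.
        return {k: v for k, v in headers.items() if k.lower() not in VALIDATOR_REQUEST_HEADERS}

    @staticmethod
    def sanitize_response(headers):
        # Drop the validators and forbid storing the response, so there is nothing to replay later.
        out = {k: v for k, v in headers.items() if k.lower() not in VALIDATOR_RESPONSE_HEADERS}
        out["Cache-Control"] = "no-store"
        return out

    @staticmethod
    def suspicious_last_modified(value, cutoff_year=2000):
        """Heuristic detector: real assets are rarely dated before `cutoff_year`; a date near the
        epoch is a sign the header carries an identifier rather than a modification time."""
        try:
            parsed = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            return False
        return parsed.year < cutoff_year


class Browser:
    """Minimal client cache: remembers validators per URL and replays them, as a real browser does.
    With a proxy attached, all traffic passes through sanitize_request / sanitize_response."""

    def __init__(self, proxy=None):
        self.stored = {}
        self.proxy = proxy

    def visit(self, origin, url):
        request = {"Host": "example.invalid"}
        validators = self.stored.get(url, {})
        if "etag" in validators:
            request["If-None-Match"] = validators["etag"]
        if "last-modified" in validators:
            request["If-Modified-Since"] = validators["last-modified"]
        if self.proxy:
            request = self.proxy.sanitize_request(request)
        client_id, response = origin.handle(request)
        if self.proxy:
            response = self.proxy.sanitize_response(response)
        low = {k.lower(): v for k, v in response.items()}
        found = {k: low[k] for k in VALIDATOR_RESPONSE_HEADERS if k in low}
        if found and "no-store" not in low.get("cache-control", ""):
            self.stored[url] = found
        # The id the origin believes it is talking to; stable across visits means re-identified.
        return client_id


if __name__ == "__main__":
    naive = Browser()
    origin = TrackingOrigin()
    print("without proxy:", naive.visit(origin, "/a.css"), naive.visit(origin, "/a.css"))
    shielded = Browser(proxy=SanitizingProxy())
    origin = TrackingOrigin()
    print("with proxy:   ", shielded.visit(origin, "/a.css"), shielded.visit(origin, "/a.css"))
```

Run it and the unshielded browser is reported as the same client on both visits, while behind the proxy each visit is a new client. `suspicious_last_modified` is the detection side: a proxy or a monitoring rule can flag origins that hand out epoch-era Last-Modified values before deciding to strip them.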