08-19-2014 06:11 AM
By Richard Chirgwin, 19 Aug 2014
Activists just got another reason to worry about what spooks might be able to learn about them, with boffins demonstrating that a decent traffic fingerprint can tell an attacker what's going on, even if an app is defended by encryption.
The researchers from the Universities of Padua and Rome have found that for activities like posting messages on a friend's Facebook wall, browsing a profile on a social network, or sending an e-mail, there's no need to decrypt an encrypted data flow.
In this paper at Arxiv, the researchers note that even in the hands of a knowledgable user there are opportunities for “malicious adversaries willing to trace people … the adversary can still infer a significant amount of information from the properly encrypted traffic.”
The Register/ full article here/ http://www.theregister.co.uk/2014/08/19/think_cryp