SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

Moderator: satrow

nicolaasjan
Hobby Astronomer
Posts: 15
Joined: Fri, 28 Jul 2017, 14:44
Location: The Netherlands

SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by nicolaasjan » Thu, 15 Nov 2018, 18:09

SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

I just stumbled upon this article, which is way beyond my knowledge, but I wonder if Pale Moon is affected by this as well?
And if so, what is the best way to mitigate this, without breaking websites?
Linux Mint 17.3
Pale Moon latest

billmcct
Lunatic
Posts: 453
Joined: Tue, 04 Sep 2012, 15:19
Location: Atlanta Georgia USA

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by billmcct » Thu, 15 Nov 2018, 18:56

In about:config the default for "security.tls.enable_0rtt" is false.
If you have changed it to True then disable it by setting it to False.
Win 7 x64 - Pale Moon 28x x32

nicolaasjan
Hobby Astronomer
Posts: 15
Joined: Fri, 28 Jul 2017, 14:44
Location: The Netherlands

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by nicolaasjan » Thu, 15 Nov 2018, 19:19

billmcct wrote: In about:config the default for "security.tls.enable_0rtt" is false.
If you have changed it to True then disable it by setting it to False.


Hi,
Thanks for your answer.
My setting for "security.tls.enable_0rtt_data" is default (false).

But what about these 3 other settings:

security.ssl.disable_session_identifiers (hidden feature in Firefox)
security.ssl.enable_false_start (true, but false is recommended by him)
privacy.firstparty.isolate (non existent or hidden in Pale Moon)
Linux Mint 17.3
Pale Moon latest

nicolaasjan
Hobby Astronomer
Posts: 15
Joined: Fri, 28 Jul 2017, 14:44
Location: The Netherlands

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by nicolaasjan » Thu, 15 Nov 2018, 19:39

There is a thread about this issue on r/Firefox (sorry...) as well, with comments of the author of the article.
Linux Mint 17.3
Pale Moon latest

Isengrim
Astronaut
Posts: 548
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Isengrim » Thu, 15 Nov 2018, 20:50

Related thread here: viewtopic.php?f=13&t=20702
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 build 1803 (64-bit) (Sometimes)
We are our choices.

billmcct
Lunatic
Posts: 453
Joined: Tue, 04 Sep 2012, 15:19
Location: Atlanta Georgia USA

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by billmcct » Thu, 15 Nov 2018, 22:20

Two have to be created: Don't really know if they will even work in PM.
security.ssl.disable_session_identifiers set to True
privacy.firstparty.isolate set to False as the article says it can break websites. If websites break toggle to True

security.ssl.enable_false_start set to False

The article you linked explained all this.
Win 7 x64 - Pale Moon 28x x32

gepus
Fanatic
Posts: 171
Joined: Thu, 14 Dec 2017, 12:59

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by gepus » Thu, 15 Nov 2018, 22:38

billmcct wrote: Two have to be created: Don't really know if they will even work in PM.

Assuming that Pale Moon's 28 code base is based on that of Firefox 52 then the hidden pref security.ssl.disable_session_identifiers should apply if created. So far so good.
However it's strange that privacy.firstparty.isolate is missing in Pale Moon 28 whereas it was present (and never hidden) in Firefox 52.

It would be great if someone with expertise would be so kind to enlighten us.

nicolaasjan
Hobby Astronomer
Posts: 15
Joined: Fri, 28 Jul 2017, 14:44
Location: The Netherlands

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by nicolaasjan » Fri, 16 Nov 2018, 10:20

billmcct wrote: Two have to be created: Don't really know if they will even work in PM.
security.ssl.disable_session_identifiers set to True
privacy.firstparty.isolate set to False as the article says it can break websites. If websites break toggle to True

security.ssl.enable_false_start set to False

The article you linked explained all this.


Sorry I was not really clear.
But the article is about Firefox and we are using Pale Moon.

If all 4 preferences need to be set according to his recommendation, then the issue cannot be fully mitigated in Pale Moon when one or two "don't work".

As @gepus said, "it would be great if someone with expertise would be so kind to enlighten us".
Linux Mint 17.3
Pale Moon latest

Moonchild
Pale Moon guru
Posts: 22432
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Moonchild » Fri, 16 Nov 2018, 14:53

It all depends on what you feel you need to "fully mitigate". All of this touches different parts of security and privacy.

  • If you feel that the normal TLS session duration for servers (generally set to 10 minutes) is too long and you are worried that you may get tracked through it, i.e. you will be requesting resources from the same TLS host within that time from different locations on the web and fear that those hosts are actively keeping track of your session that way, then by all means, disable session identifiers and force a renegotiation every time your protocol TTL expires. As stated before this imposes significant overhead and will cause noticeable latency by disabling an essential part of TLS session management.
  • If you feel that TLS false starts are a security risk (they aren't really, because it just means you are sending the encrypted HTTP GET before you get the final TLS finished response from the server, i.e. the moment you have enough data on the client side to send an encrypted request) then you can disable that option and go from 1-RTT to 2-RTT for a TLS connection start. Tracking is NOT possible through false starts.
  • 0-RTT with TLS 1.3 is trickier and has a replay attack risk. All 0-RTT solutions require sending key material and encrypted data from the client without waiting for any feedback from the server, meaning a bad actor can intercept and replay the connection. This is a significant risk and the reason why it is disabled in Pale Moon.
  • First party isolation only comes into play when you feel you need to mitigate tracking of your presence on sites where a 1st party visit can be linked to content (usually 3rd party) on another website. I don't see this as a particular risk since you are already trusting those websites with your more lenient 1st party visit and data storage.

If you want to know more details about how false starts, TCP fast open and 0RTT data work, I suggest you check out Microsoft's article on the matter which explains it in a way any layman can understand (something that's not my forte).
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
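
An added example, not part of the thread and not Pale Moon code: a small Python check that reads the text of a profile's prefs.js or user.js and reports the four preferences discussed above, with the consequence the replies attach to each non-default value. The defaults table follows what posters report for Pale Moon 28; the names `audit`, `THREAD_DEFAULTS`, `NOTES` and the sample text are assumptions made for this sketch.

```python
import re

# Defaults as reported by posters in this thread for Pale Moon 28;
# None means the pref is hidden/absent until created by hand.
THREAD_DEFAULTS = {
    "security.tls.enable_0rtt_data": False,
    "security.ssl.enable_false_start": True,
    "security.ssl.disable_session_identifiers": None,
    "privacy.firstparty.isolate": None,
}

# Consequence of a non-default value, paraphrasing the replies above.
NOTES = {
    ("security.tls.enable_0rtt_data", True):
        "0-RTT early data enabled: replay risk, set back to false",
    ("security.ssl.enable_false_start", False):
        "false start off: 1-RTT becomes 2-RTT, no tracking is prevented",
    ("security.ssl.disable_session_identifiers", True):
        "session resumption off: full handshake each time, added latency",
    ("privacy.firstparty.isolate", True):
        "first-party isolation on: may break sites, incomplete in UXP",
}

# Matches only active boolean prefs; commented-out lines do not match.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false)\s*\);', re.M)

def audit(prefs_text):
    """Return {pref: (effective_value, note)} for the four prefs in the thread."""
    seen = {}
    for name, raw in PREF_RE.findall(prefs_text):
        if name in THREAD_DEFAULTS:
            seen[name] = (raw == "true")  # last assignment in the text wins
    report = {}
    for name, default in THREAD_DEFAULTS.items():
        value = seen.get(name, default)
        report[name] = (value, NOTES.get((name, value), "default behaviour"))
    return report

# Constructed sample, not taken from a real profile.
SAMPLE = '''
user_pref("browser.startup.page", 3);
user_pref("security.tls.enable_0rtt_data", true);
user_pref("security.ssl.enable_false_start", false);
user_pref("security.ssl.disable_session_identifiers", true);
'''

if __name__ == "__main__":
    for pref, (value, note) in audit(SAMPLE).items():
        print(f"{pref} = {value}: {note}")
```
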

JustOff
Localization Coordinator
Posts: 1583
Joined: Thu, 03 Sep 2015, 19:47
Location: UA

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by JustOff » Fri, 16 Nov 2018, 16:14

I also want to add that First Party Isolation is known to lead to incorrect work of sites (and therefore it's still disabled by default even in recent versions of Firefox), while its implementation in UXP applications (Pale Moon, Basilisk, etc.) is currently even incomplete.
Here are the add-ons I made in a spare time. That was fun!

nicolaasjan
Hobby Astronomer
Posts: 15
Joined: Fri, 28 Jul 2017, 14:44
Location: The Netherlands

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by nicolaasjan » Fri, 16 Nov 2018, 16:46

JustOff wrote: I also want to add that First Party Isolation is known to lead to incorrect work of sites (and therefore it's still disabled by default even in recent versions of Firefox), while its implementation in UXP applications (Pale Moon, Basilisk, etc.) is currently even incomplete.


That makes me wonder why the Tor Browser developers decided to set "privacy.firstparty.isolate" to true... :o

Anyway, I decided to not change anything for now and on the occasions I really don't want to be tracked, like when searching for medical issues for example, I use the Tor Browser anyway.
Linux Mint 17.3
Pale Moon latest

gepus
Fanatic
Posts: 171
Joined: Thu, 14 Dec 2017, 12:59

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by gepus » Fri, 16 Nov 2018, 18:50

JustOff wrote: I also want to add that First Party Isolation is known to lead to incorrect work of sites (and therefore it's still disabled by default even in recent versions of Firefox)

Yes, it may break cross-domain logins and site functionality.
JustOff wrote: while its implementation in UXP applications (Pale Moon, Basilisk, etc.) is currently even incomplete.

It explains the absence of the setting. Thanks!

Moonchild
Pale Moon guru
Posts: 22432
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Moonchild » Fri, 16 Nov 2018, 20:00

nicolaasjan wrote: That makes me wonder why the Tor Browser developers decided to set "privacy.firstparty.isolate" to true... :o

Because they are trying to push the envelope as hard and fast as possible. They don't care if the web breaks as long as their leak paranoia is satisfied.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Paleist
Hobby Astronomer
Posts: 15
Joined: Wed, 23 Aug 2017, 09:44

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Paleist » Sat, 17 Nov 2018, 15:48

Moonchild wrote:
nicolaasjan wrote: That makes me wonder why the Tor Browser developers decided to set "privacy.firstparty.isolate" to true... :o

Because they are trying to push the envelope as hard and fast as possible. They don't care if the web breaks as long as their leak paranoia is satisfied.


Yeah, they tend to do a bit too much. I'd have liked to play with that setting, but the really important ones are the other three.

Moonchild
Pale Moon guru
Posts: 22432
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Moonchild » Tue, 20 Nov 2018, 08:55

Paleist wrote: but the really important ones are the other three.

... of which only the 0rtt-data one is actually bearing any risk, and that is disabled by default. The other two are really not an issue. The person writing the article is making some assumptions about how session identifiers are stored and for how long that are quite incorrect.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Goodydino
Lunatic
Posts: 389
Joined: Tue, 10 Oct 2017, 21:20

Re: SuperCooKey – A SuperCookie Built Into TLS 1.2 and 1.3

by Goodydino » Sat, 15 Dec 2018, 19:21

... a canvas fingerprint?

Mod Edit: keep on topic, please.
Last edited by satrow on Sun, 16 Dec 2018, 10:28, edited 1 time in total.

