Active-resistance: Obfuscate HTTPS upgrading
As part of the Collaborative ResistancE to Web Surveillance (CREWS)'s project with UCL we are going to build a prototype to understand of effectiveness of enhanced eavesdropping protection in Tor Browser.
Requiring encryption is passive resistance and consequently has strengths (is comparatively easy to reason about) but also weaknesses (requiring encryption leaks information about the browser’s configuration). In CREWS, we will also evaluate augmenting the passive resistance with active resistance by simulating insecure browser behavior. This approach will hide the fingerprint created through enabling HSTS and also hide the distinctive behavior of the augmented Tor Browser. This approach will enlarge the anonymity set that users belong to, and so enhance the level of privacy above that provided by passive resistance alone.