It’s been dead quiet the last four months here. Our plans changed quickly after the last post, shifting focus to gaining a better understanding of website fingerprinting attacks in more hostile adversarial settings, in the form of DNS-based traffic correlation attacks. The result of our work is being peer-reviewed, and in the near future we’ll release a preprint, code, and a large blog post describing some of our results. Due to working on new attacks on Tor–enhanced by a bug we found in Tor–we decided to not be open with our work until we had a reasonable understanding of the potential negative impact on users of Tor. Sorry for the lack of updates.

Next, for the last four months of HOT, we plan to resume our evaluation and design of pluggable transports for defending against website fingerprinting attacks. First up is an evaluation of basket2, the next-generation pluggable transport designed by the Tor project, against the Wa-kNN attack and DefecTor attacks (our new DNS-enhanced website fingerprinting attacks). In other words, we’re on the basket case!