508 research outputs found

    Evaluating practical QUIC website fingerprinting defenses for the masses

    Abstract: Website fingerprinting (WF) is a well-known threat to users' web privacy. New Internet standards, such as QUIC, include padding to support defenses against WF. Previous work on QUIC WF only analyzes the effectiveness of defenses when users are behind a VPN. Yet, this is not how most users browse the Internet. In this paper, we provide a comprehensive evaluation of QUIC-padding-based defenses against WF when users directly browse the web, i.e., without VPNs, HTTPS proxies, or other tunneling protocols. We confirm previous claims that network-layer padding cannot provide effective protection against powerful adversaries capable of observing all traffic traces. We show that the claims hold even against adversaries with constraints on traffic visibility and processing power. We then show that the current approach to web development, in which the use of third-party resources is the norm, impedes the effective use of padding-based defenses as it requires first and third parties to coordinate in order to thwart traffic analysis. We show that even when coordination is possible, in most cases, protection comes at a high cost.
    Peer reviewed.

    “As usual, I'll have to take an IOU”: W.E.B. Du Bois, the gift of black music and the cultural politics of obligation

    In The Souls of Black Folk (1903) W. E. B. Du Bois described African American music as a “gift” to America, contesting the tendency to regard white interest in black culture as appropriation or theft. Yet this metaphor invoked the complex circuits of indebtedness and obligation that are intrinsic to gift exchange in anthropological accounts of the practice, challenging white recipients of the gift to make adequate response. This challenge is most systematically addressed in a sequence of films that tell stories about white enthusiasm for the blues. The Blues Brothers (1980), Crossroads (1986), Blues Brothers 2000 (1998) and Black Snake Moan (2006) depict the blues as a gift and explore how whites might appropriately acknowledge and reciprocate for receiving it in a culture distorted by racial inequalities. The films develop a distinct set of narrative conventions for handling the politics of racial obligation, vacillating between seeing black music as a transracial cultural resource on the one hand and as a racially defined, inalienable possession of African Americans on the other. Using these same conventions, Honeydripper (2007) invites us to see the process of cultural exchange from a different perspective in which the problematic status of the blues as racialized property is diminished.

    In search of CurveSwap: Measuring elliptic curve implementations in the wild

    We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec, to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 0.77% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of the weak behaviors we examined that enable a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.

    Clinical outcomes in high-hypoglycaemia-risk patients with type 2 diabetes switching to insulin glargine 300 U/mL versus a first-generation basal insulin analogue in the United States: Results from the DELIVER High Risk real-world study

    Aims: To compare 12-month clinical effectiveness of insulin glargine 300 units/mL (Gla-300) versus first-generation basal insulin analogues (BIAs) (insulin glargine 100 units/mL [Gla-100] or insulin detemir [IDet]) in patients with type 2 diabetes (T2D) who were at high risk of hypoglycaemia and switched from one BIA to a different one (Gla-300 or Gla-100/IDet) in a real-world setting.
    Methods: DELIVER High Risk was a retrospective observational cohort study of 2550 patients with T2D who switched BIA to Gla-300 (Gla-300 switchers) and were propensity score-matched (1:1) to patients who switched to Gla-100 or IDet (Gla-100/IDet switchers). Outcomes were change in glycated haemoglobin A1c (HbA1c), attainment of HbA1c goals (<7% and <8%), and incidence and event rates of hypoglycaemia (all-hypoglycaemia and hypoglycaemia associated with an inpatient/emergency department [ED] contact).
    Results: HbA1c reductions were similar following switching to Gla-300 or Gla-100/IDet (−0.51% vs. −0.53%; p = .67), and patients showed similar attainment of HbA1c goals. Patients in both cohorts had comparable all-hypoglycaemia incidence and event rates. However, the Gla-300 switcher cohort had a significantly lower risk of inpatient/ED-associated hypoglycaemia (adjusted odds ratio: 0.73, 95% confidence interval: 0.60–0.89; p = .002) and experienced significantly fewer inpatient/ED-associated hypoglycaemic events (0.21 vs. 0.33 events per patient per year; p < .001).
    Conclusion: In patients with T2D at high risk of hypoglycaemia, switching to Gla-300 or Gla-100/IDet achieved similar HbA1c reductions and glycaemic goal attainment, but Gla-300 switchers had a significantly lower risk of hypoglycaemia associated with an inpatient/ED contact during the 12 months after switching.

    The SED Machine: a robotic spectrograph for fast transient classification

    Current time domain facilities are finding several hundreds of transient astronomical events a year. The discovery rate is expected to increase in the future as soon as new surveys such as the Zwicky Transient Facility (ZTF) and the Large Synoptic Sky Survey (LSST) come on line. At the present time, the rate at which transients are classified is approximately one order of magnitude lower than the discovery rate, leading to an increasing "follow-up drought". Existing telescopes with moderate aperture can help address this deficit when equipped with spectrographs optimized for spectral classification. Here, we provide an overview of the design, operations and first results of the Spectral Energy Distribution Machine (SEDM), operating on the Palomar 60-inch telescope (P60). The instrument is optimized for classification and high observing efficiency. It combines a low-resolution (R ~ 100) integral field unit (IFU) spectrograph with the "Rainbow Camera" (RC), a multi-band field acquisition camera which also serves as a multi-band (ugri) photometer. The SEDM was commissioned during the operation of the intermediate Palomar Transient Factory (iPTF) and has already lived up to its promise. The success of the SEDM demonstrates the value of spectrographs optimized for spectral classification. Introduction of similar spectrographs on existing telescopes will help alleviate the follow-up drought and thereby accelerate the rate of discoveries.
    Comment: 21 pages, 20 figures.

    nQUIC: Noise-Based QUIC Packet Protection

    We present nQUIC, a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and as the basis of its packet protector, with no semantic transport changes. nQUIC is designed for deployment in systems and for applications that assert trust in raw public keys rather than PKI-based certificate chains. It uses a fixed key exchange algorithm, trading agility for ease of implementation and verification. nQUIC provides mandatory server and optional client authentication, resistance to Key Compromise Impersonation attacks, and forward and future secrecy of traffic key derivation, which makes it preferable to QUIC-TLS for long-lived QUIC connections in comparable applications. We developed two interoperable prototype implementations written in Go and Rust. Experimental results show that nQUIC finishes its handshake in a comparable amount of time as QUIC-TLS.

    Keeping Each Other Safe: Young Refugees’ Navigation Towards a Good Life in Finland, Norway, and Scotland

    The metaphor of navigation has been used to investigate the social and moral movements people make in changeable or fluctuating circumstances, as well as to shed light on the intersection of people, practices and the changing contexts and social forces around them. In this chapter, we first provide a short overview of navigation as a metaphor, and how the situations of young refugees might add to the multiple meanings of navigation. Using empirical data from the international NordForsk-funded project Drawing Together: Relational wellbeing in the lives of young refugees in Finland, Norway and Scotland, we explore how young refugees socially and morally navigate through the complex and unstable circumstances of building new lives and new social networks in host countries. Then, turning to our findings, we discuss how ‘living well’ involves not only movement towards individual goals, but also movement with, for the sake of, and in relation to important people locally and transnationally. We conclude the chapter by envisioning the destination of young refugees’ navigation as hinted at by the data: a world worth living in for all.
    Peer reviewed.

    The NAtional randomised controlled Trial of Tonsillectomy IN Adults (NATTINA): a clinical and cost-effectiveness study: study protocol for a randomised control trial

    This project is funded by the National Institute for Health Research (NIHR) Health Technology Assessment (HTA) Programme (project number 12/146/06).
    BACKGROUND: The role of tonsillectomy in the management of adult tonsillitis remains uncertain and UK regional variation in tonsillectomy rates persists. Patients, doctors and health policy makers wish to know the costs and benefits of tonsillectomy against conservative management and whether therapy can be better targeted to maximise benefits and minimise risks of surgery, hence maximising cost-effective use of resources. NATTINA incorporates the first attempt to map current NHS referral criteria against other metrics of tonsil disease severity.
    METHODS/DESIGN: A UK multi-centre, randomised, controlled trial for adults with recurrent tonsillitis to compare the clinical and cost-effectiveness of tonsillectomy versus conservative management. An initial feasibility study comprises qualitative interviews to investigate the practicality of the protocol, including willingness to randomise and be randomised. Approximately 20 otolaryngology staff, 10 GPs and 15 ENT patients will be recruited over 5 months in all 9 proposed main trial participating sites. A 6-month internal pilot will then recruit 72 patients across 6 of the 9 sites. Participants will be adults with recurrent acute tonsillitis referred by a GP to secondary care. Randomisation between tonsillectomy and conservative management will be according to a blocked allocation method in a 1:1 ratio stratified by centre and baseline disease severity. If the pilot is successful, the main trial will recruit a further 528 patients over 18 months in all 9 participating sites. All participants will be followed up for a total of 24 months, throughout which both primary and secondary outcome data will be collected. The primary outcome is the number of sore throat days experienced over the 24-month follow-up. The pilot and main trials include an embedded qualitative process evaluation.
    DISCUSSION: NATTINA is designed to evaluate the relative effectiveness and efficiency of tonsillectomy versus conservative management in patients with recurrent sore throat who are eligible for surgery. Most adult tonsil disease and surgery has an impact on economically active age groups, with individual and societal costs through loss of earnings and productivity. Avoidance of unnecessary operations and prioritisation of those individuals likely to gain most from tonsillectomy would reduce costs to the NHS and society.
    TRIAL REGISTRATION: ISRCTN55284102, Date of Registration: 4 August 2014.
    Peer reviewed.