use of SSL and privacy from Larry Masinter on 2012-02-08 (www-tag@w3.org from February 2012)

From: Larry Masinter <masinter@adobe.com>
Date: Wed, 8 Feb 2012 05:21:48 -0800
To: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <C68CB012D9182D408CED7B884F441D4D06A8978295@nambxv01a.corp.adobe.com>

Recently in a TAG discussion about SPDY the statement:

"The use of SSL for all SPDY interactions offers the promise of improved privacy on the Web."

was discussed. I objected to this statement.

I don't see how using SSL offers much of a promise at all for improved privacy on the Web. To really offer a promise of "improved privacy on the Web", a mitigation technique would have to actually be helpful in some of the privacy use cases.

The primary security threat model to HTTP, for which SSL is mitigation, is that of 3rd party observation of communication. For example:

A talks to B. Party C eavesdrops on the conversation (through packet sniffing, breaking into the routers between A and B, installing MITM interception).

SSL offers end-to-end encryption; without it, party C knows everything they are saying to each other.

The primary privacy threat is not from eavesdroppers, though. The main privacy threat cases are of the form:

A talks to B; B gathers and collects information about A's habits. B then subsequently shares B's knowledge about A with a third party C, without A's approval.

That is, "privacy" is primarily concerned with the passing on of information that was originally allowed, through explicit, intentional actions of one of the parties. Intrusion is not required or necessary.

Of course there are of course cases where poor security practices can also lead to loss of privacy (B tries to keep information about A private, but B's data storage is compromised), but even in those cases, SSL, being only a session-layer security method, doesn't offer any promise of improvement.

And even with SSL, an eavesdropper C still can observe traffic, and know that A is talking to B. Traffic analysis - knowing what URLs you have visited - could still be a privacy threat. In some of the privacy use cases ("insurance company observes potential health insurance applicant might have a prior condition because they have visited web sites devoted to discussions of expensive to treat illnesses"), traffic analysis is almost as serious a threat.

Could SSL actually REDUCE privacy?

I can imagine that using SSL for all transactions can also diminish privacy - by improving the fingerprint of clients who use SSL, by interfering with or increasing the cost of using, supplying, supporting proxy anonymizers, etc.

Conclusion:

I can't see any way that using SSL offers much of a promise of improved privacy on the Web. I don't think anyone should claim it offers such a promise without at least justifying that it does more good than harm.

Larry

Received on Wednesday, 8 February 2012 20:57:03 UTC