fmaury/seirdy.one
1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00
Code Issues Projects Releases Wiki Activity

New note: ClientHello extension randomization

Browse source
This commit is contained in:
Rohan Kumar 2023-04-02 22:20:24 -07:00
parent 078949d640
commit fdf66a08a4
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
content/notes/clienthello-extension-randomization.md Normal file
View file

@ -0,0 +1,10 @@
---
title: "ClientHello extension randomization"
date: 2023-04-02T22:20:24-07:00
---
To limit ossification, Mozilla and Google have begun randomizing the order of TLS ClientHello extensions (as of [Chromium 110](https://chromestatus.com/feature/5124606246518784) and [NSS 3.84](https://bugzilla.mozilla.org/show_bug.cgi?id=1789436)).
I see this as a nice temporary solution to limit ossification introduced by corporate (in)security measures and middleboxes, but I'm not too optimistic about its impact on the CAPTCHA hell brought about by TLS fingerprinting. Increasingly, it looks like hosting providers will just treat any statistical anomalies in their logs as hostile traffic; any variance is a cause for suspicion, when it should be treated as an invitation to make sites more robust and compatible with different user agents. I don't see Google rolling out more aggressive measures since it likely leverages similar approaches for click-fraud detection.
Current approaches to click-fraud- and bot-detection encourage homogeneity, and thus [user domestication]({{<relref "/posts/whatsapp-and-the-domestication-of-users.md">}}).