philanc at gmail.com
Mon Mar 8 21:59:53 GMT 2021
Privacy appears to be essential for Gemini users. A lot of discussions
revolve around TLS, TOFU and how to prevent man-in-the-middle (MITM)
There may be other attacks simpler to set up. Let's take an example:
Alice visits Bob's gemini capsule. Nathan is a young NSA analyst
assigned to this emerging Gemini thing. We assume Nathan has access to
the tcp stream between Alice and Bob. The stream is TLS-encrypted
(with the most recent TLS crypto). What can Nathan do?
Nathan quickly builds a gemini spider/indexer program and starts
collecting for all Gemini sites the accessible files as any user could
do. On whether Nathan's spider respects robots.txt, your guess is as
good as mine.
Nathan finds that Bob's capsule contains 3 files (this is just an
example!) which are 1KB, 5KB and 100KB large.
Now Nathan looks at Alice's encrypted traffic with Bob's server. Just
looking at the response sizes, Nathan knows what file(s) Alice has
accessed and their content (collected during the indexing phase). No
crypto, no MITM involved.
Of course, with lots of files in Bob's capsule, the matching is less
perfect, but it still leaks lots of information regarding what Alice
This is easier for Gemini than for https because Gemini documents are
precisely simpler. No keep-alive (or maybe I missed some recent Gemini
development?), each file is loaded in its own request-response
What countermeasures could we propose? I can think of a few more or
less practical approaches:
1. make sure the same file is never served with the same size - add
random white space at the end of gmi / txt / html files, add random
comments to pics, zip files, etc.
2. or add lots of "decoy" files (with all sorts of sizes) to your
capsule. It will make life more difficult for the attackers, ... but
also for the legit indexers.
3. Adopt a "twitter-like" approach: serve only fixed-size content.
Serve only 8 KB gmi pages and 32KB pics (didn't Solderpunk have an
experiment with fixed size pics?)
Do you consider that this type of attack is far-fetched? To set them
up, access to the network is required (to log Alice's transactions) -
so typically an ISP (or maybe a 3-letter agency :-) - maybe also
corporate IT, for a targeted attack against an employee.
Or do you think the Gemini/TLS privacy expectations should apply only
to non-indexable exchanges (CGI, user input)?
This is not to say that TLS does not protect against attacks. At the
moment the most obvious threat I can see that is really blocked by TLS
is not against privacy but against _integrity_, e.g. in the example
above, Alice's or Bob's ISP _injecting_ advertisement in Bob's
Has any server author designed some sort of countermeasure against
length-based attacks? Has it been already discussed?
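Added example, not part of the original post: a capsule owner's audit of countermeasure 3, showing how many files share each observable response size before and after padding every body to a fixed block. The 8 KB block, the file names and the sample capsule are assumptions built from the sizes in the post; observable size is approximated by body size, ignoring the response header and TLS record overhead.

```python
from collections import Counter

BLOCK = 8 * 1024  # assumed block size, after the "8 KB gmi pages" idea in the post


def padded_size(size: int, block: int = BLOCK) -> int:
    """Body size once padded up to the next multiple of `block` (at least one block)."""
    return max(1, -(-size // block)) * block


def pad_gemtext(body: bytes, block: int = BLOCK) -> bytes:
    """Pad a text/gemini body with trailing newlines, which render as blank lines."""
    return body + b"\n" * (padded_size(len(body), block) - len(body))


def anonymity_sets(sizes: dict, block: int = 0) -> dict:
    """For each file, how many files in the capsule share its observable size.

    block=0 means no padding. A value of 1 means the size alone identifies the file.
    """
    observed = {p: (padded_size(s, block) if block else s) for p, s in sizes.items()}
    counts = Counter(observed.values())
    return {p: counts[o] for p, o in observed.items()}


def overhead(sizes: dict, block: int = BLOCK) -> float:
    """Extra bytes served because of padding, as a fraction of the original total."""
    total = sum(sizes.values())
    return (sum(padded_size(s, block) for s in sizes.values()) - total) / total


# Constructed sample capsule: the 1 KB, 5 KB and 100 KB files from the post.
CAPSULE = {"index.gmi": 1024, "about.gmi": 5 * 1024, "photo.jpg": 100 * 1024}

if __name__ == "__main__":
    print("unpadded:", anonymity_sets(CAPSULE))
    print("padded:  ", anonymity_sets(CAPSULE, BLOCK))
    print("overhead: {:.1%}".format(overhead(CAPSULE)))
```

With block padding the two small pages become indistinguishable by size, but the 100 KB file still stands alone: padding only hides a file among others that land in the same bucket.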