Stephane Bortzmeyer stephane at
Tue Mar 9 07:48:31 GMT 2021

On Mon, Mar 08, 2021 at 09:59:53PM +0000,
 Phil Leblanc <philanc at> wrote 
 a message of 64 lines which said:

> Now Nathan looks at Alice's encrypted traffic with Bob's
> server. Just looking at the response sizes, Nathan knows what
> file(s) Alice has accessed and their content (collected during the
> indexing phase).  No crypto, no MITM involved.

This attack is well known and, for HTTP, documented in many
articles. A general view of the problem and of countermeasures is
"Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis
Countermeasures Fail".

> What countermeasures could we propose? I can think of a few more or
> less practical approaches:

4. The client could obfuscate the traffic with many gratuitous
requests. See the excellent book "Obfuscation".
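
The following is an added example, not part of the original message: a server operator's check of how many files remain identifiable by response size alone, with and without size padding. The sample sizes, the two padding policies and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: response sizes in bytes for files on a hypothetical server.
SAMPLE_SIZES = [512, 1300, 1301, 4096, 4100, 9000, 15000, 15010, 70000, 70000]

def pad_none(size):
    """No padding: the observer sees the true size."""
    return size

def pad_to_block(size, block=4096):
    """Round the response up to the next multiple of `block` bytes."""
    return -(-size // block) * block

def pad_to_power_of_two(size):
    """Round the response up to the next power of two."""
    return 1 << (size - 1).bit_length() if size > 1 else 1

def unique_fraction(sizes, pad):
    """Fraction of files whose observed size is shared with no other file.

    These are the files an observer who indexed the server could name
    from the response size alone.
    """
    observed = [pad(s) for s in sizes]
    counts = Counter(observed)
    return sum(1 for o in observed if counts[o] == 1) / len(observed)

def overhead(sizes, pad):
    """Extra bytes sent because of padding, relative to the unpadded total."""
    return sum(pad(s) - s for s in sizes) / sum(sizes)

def report(sizes):
    """Map each policy name to (identifiable fraction, bandwidth overhead)."""
    policies = {
        "none": pad_none,
        "block-4096": pad_to_block,
        "power-of-two": pad_to_power_of_two,
    }
    return {name: (unique_fraction(sizes, p), overhead(sizes, p))
            for name, p in policies.items()}

if __name__ == "__main__":
    for name, (uniq, extra) in report(SAMPLE_SIZES).items():
        print(f"{name:13s} identifiable={uniq:.0%} overhead={extra:.0%}")
```

This measures only the size of a single response; request counts, timing and the sizes of sequences of responses are not covered by it.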

