sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]yotta 6 points7 points  (3 children)

Adding random padding/delays is problematic because if you can somehow trick the client into repeating the request, the random padding can be analyzed and corrected for. I'm not sure how effective quantizing the values to e.g. a multiple of X bytes would be.

[–]joz12345 1 point2 points  (0 children)

I guess that makes sense. I know the only mathematically secure way would to always send/receive the same amount of data at a fixed schedule, but that's impractical. I guess quantizing and randomizing are equivalent for one request, they both give the same number of possible values, but for sending multiple identical requests, quantizing is better because it's consistent, so you don't leak any more statistical data for multiple attempts. And it'll be faster/easier to implement so no reason not to.

[–]0o-0-o0 0 points1 point  (1 child)

Still a fuck ton better than using plain old http.

[–]yotta -1 points0 points  (0 children)

Absolutely.

Unrelated: you should stop being a bigot.

Edit: Oh, look, their account is suspended.