mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Server stats:

8.1K
active users

#deeppacketinspection

0 posts0 participants0 posts today

GDPR and the Intersection of Security and Privacy | JJ Katz | …corporate Deep Packet Inspection vs: GDPR, reconsidered…

Jon muses about whether DPI from a practical perspective is in conflict with GDPR

With web proxying, filtering, deep-packet inspection (or SSL inspection) and other tools a well-equipped SOC will be able to see everything, even the content of a user’s https sessions. And even though most Acceptable Use Policies (AUPs) prohibit personal use of work equipment, we all check our personal e-mail, make our doctor’s appointments, and browse Reddit on the corporate laptop.

https://www.linkedin.com/pulse/gdpr-intersection-security-privacy-jj-katz-qv2gc

www.linkedin.comGDPR and the Intersection of Security and PrivacyOver the past year I've discussed the intersection of privacy, morality, the GDPR, and security with some good friends. In one such thought exercise, we discussed the efficacy and morality of Deep Packet aka SSL Inspection.
Continued thread

Решаем проблему «деградации» YouTube с помощью NoDPI

#nodpi #youtube #unblock #DeepPacketInspection #deep_packet_inspection

NoDPI - это программа, которая играет роль локального прокси-сервера. Она обрабатывает проходящий через неё трафик таким образом, что это позволяет сбивать с толку системы DPI, установленные у провайдера. Отлично справляется с "разблокировкой" всех сайтов, к которым ограничен доступ с помощью DPI.

Исключения:
- сайты на HTTP (незащищенном протоколе),
- сайты не поддерживающие TLS v1.3,
- сайты, заблокированные по IP-адресу.

Исходный код, бинарники, подробная инструкция по запуску:
github.com/GVCoder09/nodpi/

github.com/hufrea/byedpi - аналог на C

habr.com/ru/articles/911640/

[en] Paper "OpenVPN is Open to VPN Fingerprinting"

"... certain governments are attempting to restrict VPN access by identifying connections using ... DPI technology."

"To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN ..."

arxiv.org/abs/2403.03998

arXiv.orgOpenVPN is Open to VPN FingerprintingVPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.