document identity correlation attacks and defenses / Removing Apache Recommendation
Closed, ResolvedPublic

Description

Summary:

Apache includes everything and the kitchen sink. Some of its features are bad for privacy and leaks info about a server's configuration:

https://mascherari.press/why-onionscan-should-worry-you/
https://mascherari.press/thwarting-identity-correlation-attacks/

Alternatives to Apache we can possibly recommend instead: Nginx, reverse proxies in general, anything very simple that's enough for most people.

Related Documentation:

https://www.whonix.org/wiki/Hidden_Services#Hidden_Webserver

ALPaCA defense
https://forums.whonix.org/t/website-fingerprinting-defenses-at-the-application-layer
?

Details

Impact
Normal
HulaHoop created this task.Jul 15 2016, 4:11 PM
Patrick renamed this task from Removing Apache Recommendation to document identity correlation attacks and defenses / Removing Apache Recommendation.Jul 16 2016, 1:05 PM
Patrick added a project: Whonix 14.
Patrick updated the task description. (Show Details)Mar 14 2017, 8:21 PM

Great! Anything else to do here?

HulaHoop closed this task as Resolved.Apr 18 2017, 2:12 PM
HulaHoop claimed this task.

No :)