
Analyzing HTTPS Traffic to Identify User Operating System, Browser, Application - runesoerensen
http://arxiv.org/abs/1603.04865
======
tobltobs
I am wondering a bit about "To the best of our knowledge, this is the first
work that shows this." and the already existing p0f from
[http://lcamtuf.coredump.cx/](http://lcamtuf.coredump.cx/).

p0f has a higher error rate (if the 96% success rate is true) and it doesn't
give hints on an application level.

~~~
ivanr
Indeed, a simple search for "passive ssl fingerprinting" would have given them
a few leads, including my blog posts from 2009. It's not something anyone can
claim to be novel in 2016.

To their credit, they focus on traffic patterns, without looking at any data.
That's actually interesting, but a bit weird, because TLS leaks a lot of
information about clients in the ClientHello message. Incorporating the
additional information would have helped them increase the accuracy.
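
[Added example, not part of ivanr's comment, the thread, or the linked paper] The sketch below shows which ClientHello fields a passive observer can read in cleartext and how their order forms a client fingerprint. The function names, the fingerprint format and the sample record are constructed for this illustration.

```python
import hashlib
import struct

def parse_client_hello(record: bytes) -> dict:
    """Return the cleartext ClientHello fields a passive observer can read."""
    try:
        ctype, _ver, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        if ctype != 22 or len(body) != rec_len or body[0] != 1:
            raise ValueError("not a complete ClientHello record")
        msg = body[4:4 + int.from_bytes(body[1:4], "big")]
        version = struct.unpack_from("!H", msg, 0)[0]
        pos = 2 + 32                      # skip client random
        pos += 1 + msg[pos]               # skip session id
        cs_len = struct.unpack_from("!H", msg, pos)[0]
        ciphers = list(struct.unpack_from(f"!{cs_len // 2}H", msg, pos + 2))
        pos += 2 + cs_len
        pos += 1 + msg[pos]               # skip compression methods
        extensions, sni = [], None
        end = pos + 2 + struct.unpack_from("!H", msg, pos)[0] if pos < len(msg) else pos
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", msg, pos)
            data = msg[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            extensions.append(ext_type)
            if ext_type == 0 and len(data) >= 5:   # server_name
                sni = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode("ascii", "replace")
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"version": version, "ciphers": ciphers, "extensions": extensions, "sni": sni}

def fingerprint(hello: dict) -> str:
    """Hash the ordered version/cipher/extension lists; the SNI is deliberately left out."""
    text = "|".join([str(hello["version"]), "-".join(map(str, hello["ciphers"])), "-".join(map(str, hello["extensions"]))])
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def build_sample(ciphers, sni: bytes) -> bytes:
    """Constructed ClientHello record for the demo (not captured traffic)."""
    name = struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni
    exts = struct.pack("!HH", 0, len(name)) + name + struct.pack("!HH", 10, 4) + b"\x00\x02\x00\x17"
    msg = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(f"!H{len(ciphers)}H", 2 * len(ciphers), *ciphers)
           + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for suites in ([0xC02F, 0xC030, 0x009C], [0x009C, 0xC02F, 0xC030]):
        hello = parse_client_hello(build_sample(suites, b"example.test"))
        print(fingerprint(hello), hello)
```

The two constructed hellos offer the same cipher suites in a different order and hash to different fingerprints, while changing only the server name leaves the fingerprint unchanged.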

------
dang
URL changed from
[http://www.theregister.co.uk/2016/03/17/https_is_not_enough_...](http://www.theregister.co.uk/2016/03/17/https_is_not_enough_boffins_fingerprint_user_environments_without_cracking_crypto/),
which points to this.

