
Veil is private browsing for the ultra-paranoid - sethbannon
https://techcrunch.com/2018/02/23/veil-is-private-browsing-for-the-ultra-paranoid/
======
techGrunch
This strikes me a busy work, to placate a degree program. A web proxy and NAT
by any other name will manage to be buzzword friendly, capture naive adopters,
earn the attention of journalists, and complete grad school or whatever.

~~~
Ar-Curunir
Lol given that the author, Frank, has multiple publications at top conferences
already, I don't think he needed to pad out his publication record in any way.

------
walterbell
How is this better than a diskless device running Tails, which does not
require trusting Veil servers?

~~~
Digital-Citizen
It's not clear to me that Veil is better than that plus maybe a VPN or Tor,
even for the sites where Veil could work at all.

My understanding of Veil is that Veil is an image-based proxy: One gives Veil
the URL of the page to visit and one of Veil's array of proxy servers (which
you must trust) returns an image of the page requested. The Veil URL
presumably doesn't correspond to the real page URL and would be recycled after
a short while (so the same Veil URL would return different images in the hopes
of obfuscating what previous users looked up at that Veil URL).

From what I can ascertain Veil will fail to live up to the claims made in the
TechCrunch article because those claims (such as "[Veil] masks the page you’re
viewing not just from would-be attackers, but from your own operating system")
are either impossible to meet or impossible to meet using one's own computer
(a computer one presumably trusts). Sure, Veil renders your browser's history
useless and your computer won't run the client-side programs (JS, WebAssembly,
etc.) to see a webpage but I can avoid running that stuff now and simply
choose not to visit pages that require such.

The paper makes more claims that are not really believable in the context of
pitching Veil as a useful privacy-oriented service: for example, talking about
a DNS cache as a point of privacy vulnerability is a noble goal but kind of
silly when a server-side DNS log or (for many users) logs made en route (DNS
is often done in the clear) will reveal DNS traffic. One doesn't need to go to
the client to get this information.

With regard to getting information from the client, Veil does nothing to
defeat frequent screen snapshotting or covert console recording (nor could
it). That is an actual threat to one's privacy, particularly with proprietary
software. Eventually information has to be decoded and displayed in cleartext
before the user's eyes can see it and comprehend it. Therefore that's an
attack point. The free software VM-based GNU/Linux OS Qubes faces the same
vulnerability and there are no known solutions besides teaching people to
value their software freedom (the freedom to run, inspect, share, and modify
published software) and install only free software on one's computer. Contrary
to the TechCrunch article, "security researchers will want to audit the code",
everyone deserves software freedom not just security researchers and reading
the source code is insufficient to assess its trustworthiness.

Perhaps Veil (image-based browsing) helps avoid some problems incurred through
JS but Veil could create some problems too: it's not clear how or if filling
out forms and form submission works, and the more interactive a site is via JS
the less likely that site works with Veil. Even animated CSS is likely to fail
here as a snapshot can't give you that animation. I imagine that Veil is
useful if you don't mind giving up those things, and you somehow come to trust
Veil's proxy servers (I'm not sure how one could assess such trustworthiness).
Theoretically Veil could do image tile sliding and crossfading to reintroduce
what is inherently lost with snapshots, but I'm guessing that's a lot more
work than anyone will put into this.

I'm pretty sure I saw something like this many years ago when webpages were
far more likely to be static HTML (and thus easily snapshotted for viewing),
but that implementation focused on caching and website development (what does
this page look like in these 5 browsers?), which strike me as more achievable
goals.

Finally, I'm pretty tired of seeing research summaries or proposals as PDFs.
It seems to me to be an awful tradeoff -- give up accessibility (I can't
resize the fonts or use my preferred fonts) for some layout that, frankly,
doesn't require a PDF in the first place. There's nothing shown in the Veil
PDF that couldn't have been done on an ordinary HTML+CSS static webpage.

~~~
ffwang2
Veil has two modes. One is a image-based browsing. Another is focused on
eliminated RAM artifacts and DNS caches on the operating systems side. I agree
there are a lot of solutions, and we don't solve all the problems. The point
is that we wanted to challenge the current notion that only browsers can
provide incognito mode. We were thinking is there a way for developers to do
this since they are the ones delivering the content in the first place.

The point of the paper was to create discussions like this! Thanks for your
thoughts. I really appreciate it.

------
fulafel
This sounds interesting:

"Furthermore, it injects invisible garbage code into the page while also
“mutating” the content (again, invisibly) so that you could load it a thousand
times on the same computer and although it would look the same to you, any
resulting digital fingerprints like hash, payload size and so on would always
be different."

Sounds like they have an advantage over a VPN in having traffic analysis
countermeasures.

------
arbie
Wouldn't a VPN+VDI provide the same functionality?

------
mirror23
I don't get it, whats the point? Is it like basically super-incognito mode,
not really helpful for privacy or anonymity

~~~
anotheryou
Tor browser + additional measures against fingerprinting of browser and
packages I guess.

