Linux 5.6 Includes Multipath TCP

I’m looking to identify the CONFIG buttons for this and disable them when 5.6+ comes around. I think we already disable a similar feature? If so I’ll create a phab ticket to remind me. @madaidan

1 Like

The config option is CONFIG_MPTCP, although what’s the point of disabling this?

1 Like

The idea is the more complexity, the more security bugs and I was proven right when I found the research to back it:

I wonder how it can harm anonymity? It makes it easier to infer throughput of a stream

This is unrelated to the reverse path filtering stuff you already discussed.

1 Like

Alright, that makes a lot of sense.

We can also disable it via the net.mptcp.mptcp_enabled sysctl in security-misc.

It looks more like it helps anonymity. From the third link:

“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”

Tor basically does this already though due to the 3 nodes in a circuit. Dunno if MPTCP would help. That’d be a question for Tor devs.

1 Like
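An audit of the two controls named in the posts above, the CONFIG_MPTCP build option and the MPTCP sysctl, as an added example that is not from the thread or from security-misc. It assumes the kernel config is a plain-text file (for example `/boot/config-$(uname -r)`, a distribution convention) and checks both the sysctl name given above and `net.mptcp.enabled`, the name used by mainline kernels; the function names and fixture are hypothetical and constructed.

```shell
#!/bin/sh
# Added example: report whether MPTCP is compiled in and enabled at runtime.

# mptcp_config_state FILE -> "builtin", "disabled" or "absent"
mptcp_config_state() {
    cfg=$1
    if grep -q '^CONFIG_MPTCP=y$' "$cfg"; then
        echo builtin
    elif grep -q '^# CONFIG_MPTCP is not set$' "$cfg"; then
        echo disabled
    else
        echo absent          # option unknown to this kernel version
    fi
}

# mptcp_sysctl_state [ROOT] -> "on", "off" or "missing"
# ROOT defaults to /proc/sys; both known key names are tried.
mptcp_sysctl_state() {
    root=${1:-/proc/sys}
    for name in mptcp_enabled enabled; do
        f="$root/net/mptcp/$name"
        if [ -r "$f" ]; then
            if [ "$(cat "$f")" = "0" ]; then echo off; else echo on; fi
            return 0
        fi
    done
    echo missing             # no MPTCP sysctl tree: feature not present
}

# mptcp_exposed CONFIG ROOT -> exit status 0 only if built in AND enabled
mptcp_exposed() {
    [ "$(mptcp_config_state "$1")" = builtin ] &&
        [ "$(mptcp_sysctl_state "$2")" = on ]
}

# Constructed fixture: a fake kernel config and /proc/sys tree under DIR.
make_fixture() {
    dir=$1 cfgline=$2 value=$3
    mkdir -p "$dir/sys/net/mptcp"
    printf '%s\n' 'CONFIG_INET=y' "$cfgline" > "$dir/config"
    printf '%s\n' "$value" > "$dir/sys/net/mptcp/enabled"
}

tmp=$(mktemp -d)
make_fixture "$tmp" 'CONFIG_MPTCP=y' 1
echo "config: $(mptcp_config_state "$tmp/config")," \
     "sysctl: $(mptcp_sysctl_state "$tmp/sys")"
rm -rf "$tmp"
```

On a live system, call `mptcp_exposed` with the real config path and `/proc/sys` instead of the fixture.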

This is an open question from one of TPO’s web fingerprinting blog posts. It is not known if that’s the case yet.

1 Like

@HulaHoop’s prophecy has been fulfilled.