I’m looking to identify the CONFIG buttons for this and disable them when 5.6+ comes around. I think we already disable a similar feature? If so I’ll create a phab ticket to remind me. @madaidan
The config option is CONFIG_MPTCP, although what’s the point of disabling this?
The idea is the more complexity, the more security bugs and I was proven right when I found the research to back it:
I wonder how it can harm anonymity? It makes it easier to infer throughput of a stream.
This is unrelated to the reverse path filtering stuff you already discussed.
Alright, that makes a lot of sense.
We can also disable it via the net.mptcp.mptcp_enabled sysctl in security-misc.
It looks more like it helps anonymity. From the third link:
“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”
Tor basically does this already though due to the 3 nodes in a circuit. Dunno if MPTCP would help. That’d be a question for Tor devs.
This is an open question from one of TPO’s web fingerprinting blog posts. It is not known if that’s the case yet.
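An added example, not code from the thread or from security-misc: a POSIX shell audit of the two controls discussed above, the CONFIG_MPTCP build option and the runtime sysctl. The function names are hypothetical, the `/boot/config-$(uname -r)` path is a distribution convention assumed here, and the script checks `net.mptcp.enabled` (the name mainline kernels use) in addition to the `net.mptcp.mptcp_enabled` name given in the thread.

```shell
#!/bin/sh
# Added example: report whether MPTCP is compiled in and whether it is
# switched off at runtime. Function names are hypothetical.

# Classify CONFIG_MPTCP in a kernel config file.
# The patterns are anchored so that sub-options such as CONFIG_MPTCP_IPV6
# are not mistaken for the main option.
mptcp_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return; }
    if grep -Eq '^CONFIG_MPTCP=y$' "$cfg"; then
        echo enabled
    elif grep -Eq '^# CONFIG_MPTCP is not set$' "$cfg"; then
        echo disabled
    else
        echo absent   # option not present in this config at all
    fi
}

# Report the runtime switch. $1 is the sysctl root (default /proc/sys),
# overridable so the check can be run against a constructed tree.
# mptcp_enabled: name used in the thread; enabled: mainline name (assumption
# labelled in the lead-in). A value of 0 means MPTCP is off.
mptcp_sysctl_state() {
    root=${1:-/proc/sys}
    for name in mptcp_enabled enabled; do
        f=$root/net/mptcp/$name
        if [ -r "$f" ]; then
            val=$(cat "$f")
            if [ "$val" = 0 ]; then
                echo "off ($name)"
            else
                echo "on ($name=$val)"
            fi
            return
        fi
    done
    echo no-sysctl   # no MPTCP sysctl directory: feature not built in
}

mptcp_audit() {
    echo "config: $(mptcp_config_state "${1:-/boot/config-$(uname -r)}")"
    echo "sysctl: $(mptcp_sysctl_state "${2:-/proc/sys}")"
}

mptcp_audit
```

A result of `enabled` together with `no-sysctl` or `on (...)` means the sysctl setting has not taken effect on the running kernel.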