TLS 1.2 & 1.3 - Serious Privacy Implications

TLS 1.3 has a heavily touted feature called 0-RTT that has been paraded by CloudFlare as a huge speed benefit to users because it allows sessions to be resumed quickly from previous visits. This immediately raised an eyebrow for me because this means that full negotiation is not taking place.

After more research, I’ve discovered that 0-RTT does skip renegotiation steps that involve generating new keys.

This means that every time 0-RTT is used, the server knows that you’ve been to the site before, and it knows all associated IPs and sign-in credentials attached to that particular key.

In the article there are proposed Firefox settings workarounds

security.ssl.disable_session_identifiers (hidden feature)
security.ssl.enable_false_start
security.tls.enable_0rtt_data
privacy.firstparty.isolate

But there is no workaround yet to be found for Chrome, and I personally doubt one will be made available given Google's primary business model.

Yet another societal step towards the eventual goal of a complete global surveilance state.

You know the next step in the agenda is to make all internet anonymisation or obfuscation attempts illegal. Why should anyone be upset anyways. I mean only terrorists or pedophiles would really need to hide their identities. Isn't that how killing any remnents of privacy online will be justified.

China is already using the "public safety" line.

The country is racing to become the first to implement a pervasive system of algorithmic surveillance. Harnessing advances in artificial intelligence and data mining and storage to construct detailed profiles on all citizens, China’s communist party-state is developing a “citizen score” to incentivize “good” behavior. A vast accompanying network of surveillance cameras will constantly monitor citizens’ movements, purportedly to reduce crime and terrorism. While the expanding Orwellian eye may improve “public safety,” it poses a chilling new threat to civil liberties in a country that already has one of the most oppressive and controlling governments in the world.

Really, really scary stuff.

Thank you, I'm going to add those to my user.js in case they're missing.

Well yeah because negotiation has already taken place in the same session. i.e you already authenticated through login. So when you then connect through the VPN 1 minute later you are still technically using a live session. when session expires the 0-RTT is not possible a new one needs to be re-created.

Even if you don't use 0-RTT altogether doesn't matter since you're still needing to authenticate with the service. Still associates you with credentials and an IP......

At the end of the day you're still doing the same thing. Just not going through the process of 0-RTT, my only possible concern is if on a unsecure network and if there was any potential for MITM. But that is just me thinking ahead.

What happens if you logout and then login? Does the negotiation takes place?

EDIT: note I never used a VPN, so I don't really know if logging in/out makes the same sense as in any other service.

You're supposed to murder the session upon logout.

That's what I thought, but does 0-RTT overrides that if a cookie is present?

EDIT: I pose this question because I ALWAYS terminate my sessions (FF also cleans all cookies and sessions upon closing). But now I'm wondering if the negotiation can be overridden by this 0-RTT on services that use it.

I am pretty sure Internet Engineering Task Force (IETF) wouldn't allow 0-RTT to override it. I'm also sure the cookie would still require the session to still be open, i.e not logged out. Expiration of sessions can vary depends on what the set up from server side is.