Quote:Analysis Transport Layer Security underpins much of the modern internet. It is the foundation of secure connections to HTTPS websites, for one thing. However, it can harbor a sting in its tail for those concerned about staying anonymous online.

Privacy advocates have long warned about the risks posed by various forms of web tracking. These include cookies, web beacons, and too many forms of fingerprinting to name.

Awareness of the issue has helped a bit. Apple recently rolled out improved tracking protection in Safari for macOS Mojave and iOS 12. Firefox earlier this year debuted an anti-tracking add-on called Facebook Container, among other improvements. And browsers like Brave and Tor Browser continue to offer more extensive privacy capabilities.

The privacy risks associated with web tracking, however, persist, and now it appears there's yet another mechanism for following people online. Blame researchers from the University of Hamburg in Germany for the latest expansion of the privacy attack surface.

In a paper distributed through ArXiv this week, computer science boffins Erik Sy, Hannes Federrath, Christian Burkert, and Mathias Fischer describe a novel tracking technique involving Transport Layer Security (TLS) session resumption.

Full reading: https://www.theregister.co.uk/2018/10/19/tls_handshake_privacy/