This strikes me a busy work, to placate a degree program. A web proxy and NAT by any other name will manage to be buzzword friendly, capture naive adopters, earn the attention of journalists, and complete grad school or whatever.
Lol given that the author, Frank, has multiple publications at top conferences already, I don't think he needed to pad out his publication record in any way.
Frank here. I didn't really need the paper to complete grad school. I thought it was a cool project to work on. That's all. There are a lot of solutions to a lot of problems. I'm not claiming it's the best one, just presenting a different way of thinking.
It's not clear to me that Veil is better than that plus maybe a VPN or Tor, even for the sites where Veil could work at all.
My understanding of Veil is that Veil is an image-based proxy: One gives Veil the URL of the page to visit and one of Veil's array of proxy servers (which you must trust) returns an image of the page requested. The Veil URL presumably doesn't correspond to the real page URL and would be recycled after a short while (so the same Veil URL would return different images in the hopes of obfuscating what previous users looked up at that Veil URL).
From what I can ascertain Veil will fail to live up to the claims made in the TechCrunch article because those claims (such as "[Veil] masks the page you’re viewing not just from would-be attackers, but from your own operating system") are either impossible to meet or impossible to meet using one's own computer (a computer one presumably trusts). Sure, Veil renders your browser's history useless and your computer won't run the client-side programs (JS, WebAssembly, etc.) to see a webpage but I can avoid running that stuff now and simply choose not to visit pages that require such.
The paper makes more claims that are not really believable in the context of pitching Veil as a useful privacy-oriented service: for example, talking about a DNS cache as a point of privacy vulnerability is a noble goal but kind of silly when a server-side DNS log or (for many users) logs made en route (DNS is often done in the clear) will reveal DNS traffic. One doesn't need to go to the client to get this information.
With regard to getting information from the client, Veil does nothing to defeat frequent screen snapshotting or covert console recording (nor could it). That is an actual threat to one's privacy, particularly with proprietary software. Eventually information has to be decoded and displayed in cleartext before the user's eyes can see it and comprehend it. Therefore that's an attack point. The free software VM-based GNU/Linux OS Qubes faces the same vulnerability and there are no known solutions besides teaching people to value their software freedom (the freedom to run, inspect, share, and modify published software) and install only free software on one's computer. Contrary to the TechCrunch article, "security researchers will want to audit the code", everyone deserves software freedom not just security researchers and reading the source code is insufficient to assess its trustworthiness.
Perhaps Veil (image-based browsing) helps avoid some problems incurred through JS but Veil could create some problems too: it's not clear how or if filling out forms and form submission works, and the more interactive a site is via JS the less likely that site works with Veil. Even animated CSS is likely to fail here as a snapshot can't give you that animation. I imagine that Veil is useful if you don't mind giving up those things, and you somehow come to trust Veil's proxy servers (I'm not sure how one could assess such trustworthiness). Theoretically Veil could do image tile sliding and crossfading to reintroduce what is inherently lost with snapshots, but I'm guessing that's a lot more work than anyone will put into this.
I'm pretty sure I saw something like this many years ago when webpages were far more likely to be static HTML (and thus easily snapshotted for viewing), but that implementation focused on caching and website development (what does this page look like in these 5 browsers?), which strike me as more achievable goals.
Finally, I'm pretty tired of seeing research summaries or proposals as PDFs. It seems to me to be an awful tradeoff -- give up accessibility (I can't resize the fonts or use my preferred fonts) for some layout that, frankly, doesn't require a PDF in the first place. There's nothing shown in the Veil PDF that couldn't have been done on an ordinary HTML+CSS static webpage.
Veil has two modes. One is a image-based browsing. Another is focused on eliminated RAM artifacts and DNS caches on the operating systems side. I agree there are a lot of solutions, and we don't solve all the problems. The point is that we wanted to challenge the current notion that only browsers can provide incognito mode. We were thinking is there a way for developers to do this since they are the ones delivering the content in the first place.
The point of the paper was to create discussions like this! Thanks for your thoughts. I really appreciate it.
"Furthermore, it injects invisible garbage code into the page while also “mutating” the content (again, invisibly) so that you could load it a thousand times on the same computer and although it would look the same to you, any resulting digital fingerprints like hash, payload size and so on would always be different."
Sounds like they have an advantage over a VPN in having traffic analysis countermeasures.
