Session Date/Time: 07 Nov 2025 16:30
PEARG
Summary
The PEARG session featured three main presentations and a brief teaser on an emerging topic. Arturo Filastò (OONI) discussed the current state of Encrypted Client Hello (ECH) deployment and presented evidence of adversarial interference, specifically blocking in Russia and its collateral damage. Kyle Hogan delivered a talk on threat models for privacy in advertising, highlighting the fundamental leakage of group-level information even with privacy-preserving techniques like differential privacy. Mallory Knodel provided an update on global legislative threats to encryption, focusing on the EU's "Chat Control" (CSAR) proposal, client-side scanning, link tracking, and traceability. The session concluded with a teaser from Paolo about a new concept for "source privacy" to counteract the profiling capabilities of client-facing servers introduced by ECH. Discussions throughout emphasized the complexity of internet ecosystems, the challenges of achieving privacy in a regulated environment, and the need for careful consideration of threat models and second-order effects.
Key Discussion Points
- Encrypted Client Hello (ECH) Deployment and Adversarial Interference:
- ECH aims to encrypt the Server Name Indication (SNI) in TLS handshakes, initially as ESNI, evolving to encrypt the entire Client Hello.
- The ECH configuration includes a "public name" (outer SNI) to satisfy middleboxes, distributed out-of-band via DoT/DoH.
- Current ECH deployment is predominantly by Cloudflare, reinforcing the "privacy likes company" principle (i.e., widespread adoption improves privacy).
- OONI's measurements using OONI Probe provide open data on ECH functionality, failures, and deliberate blocking.
- Evidence suggests adversarial interference in Russia: both GREASE (fake ECH) and real ECH are treated identically on the wire. When ECH is present, blocking occurs, affecting unrelated sites (collateral damage).
- User reports indicate disabling ECH as a workaround for connectivity issues in affected regions.
- Historical parallels were drawn to Wikipedia/TLS blocking in Iran, where encryption leads to a binary choice for censors (block all or nothing).
- Discussion:
- The collateral damage from ECH blocking was noted as expected, similar to earlier ESNI blocking. The effectiveness of GREASE (fake ECH) as a camouflage mechanism was questioned, with suggestions for further work on more effective GREASE mechanisms at the TLS working group.
- It was clarified that the Russian blocking is intentional rather than mere collateral damage.
- Concerns were raised about ECH's downsides for cybersecurity, including its adoption by malicious actors, and the limited scope of its privacy promise (only against on-path observers, not CDN operators).
- The concept of a "threat model" was highlighted as fundamental for designing privacy-enhancing technologies.
- The importance of open data for understanding complex internet systems and predicting ripple effects was emphasized.
- Threat Models for Privacy in Advertising:
- Advertising funds much of the internet, making ad privacy critical for the "average person's experience of privacy." "Paying for privacy" is problematic.
- No "perfect privacy" or "zero leakage" is achievable in advertising, necessitating a focus on contextually appropriate information revelation.
- Theoretical notions of information leakage (e.g., individual privacy) may not guarantee "normative privacy" (what end-users actually want or are comfortable with).
- Advertising inherently focuses on groups or audiences rather than just individuals.
- Even with on-device targeting and differentially private metrics, information about user groups is leaked through ad targeting decisions and conversion metrics (e.g., an ad's success implies characteristics of the audience).
- This "fundamental leakage" cannot be eliminated without rendering the advertising ecosystem dysfunctional.
- Discussion on Differential Privacy (DP): DP primarily protects individuals within a population, assuming a representative sample with unknown membership. However, advertising audiences are often neither representative nor anonymous (e.g., mailing lists of known customers), making DP potentially insufficient for group-level privacy concerns.
- Discussion:
- A recommendation was made for metrics to be "targeting-aware," and to explore alternative statistical techniques like attribute privacy.
- The need to raise the bar for attackers, even if perfection isn't achieved, was acknowledged.
- The striking down of "pay or okay" models by competition authorities (not privacy authorities) was highlighted as a concerning trend, as it can push towards less privacy for everyone by resisting incremental improvements.
- Global Legislative Threats to Encryption:
- Three technical approaches often proposed as encryption "backdoors" were described:
- Client-side scanning: Scanning content before it's uploaded/encrypted. Technically problematic (systemic risk, not contained to specific content, perceptual hash matching is fraught), creates a "scanning pipeline" for any content.
- Link tracking: Tracking users or content virality across encrypted systems. Requires access to message content, creating privacy issues.
- Traceability: Enhanced metadata to track message origin or recipients in encrypted communications. Requires a complete redesign of messaging platforms and can create new expectations for data storage and reporting.
- EU Chat Control (CSAR - Child Sexual Abuse Regulation):
- A long-standing legislative proposal in Europe mandating client-side scanning, aiming to create a European equivalent of NCMEC.
- Despite widespread objections from cryptographers, scientists, and data protection authorities, it frequently resurfaces due to the popularity of child safety initiatives.
- Recent Status: The mandatory client-side scanning proposal recently failed to pass in a key vote (Germany stood aside), but the issue is not considered resolved and will likely return in some form.
- The current proposal has shifted to voluntary scanning.
- Concerns: Risks "age-gating" encryption, potentially banning younger users from private communications, which is considered severe given their vulnerability to security and privacy issues.
- Other Regions:
- France/Sweden: Considered national security-driven proposals for compelling on-device scanning, met with strong resistance (e.g., Signal threatening to leave Sweden).
- India: Ongoing debate over "traceability" requirements, particularly affecting WhatsApp, as part of proposed IT rules, often framed in terms of fighting drugs and crime.
- Canada: Discussed link tracking related to social media and news content, and has seen proposals for an Online Harms Act and lawful access provisions in the Strong Borders Act.
- Discussion:
- A participant from the child protection sector emphasized the importance of CSAR for preventing the sharing of child sexual abuse imagery, arguing that voluntary compliance by tech companies is insufficient. The technical mandate for scanning was presented as the core disagreement point, preventing passage of other common-sense measures.
- Concerns were raised about double standards, where proposals sometimes include exemptions for government employees from such scanning.
- While acknowledging the importance of fighting CSAM, the community generally holds that fact-based discussions are crucial, and that the argument that "perceptual hash matching is bad" may not be a durable counter-argument to breaking strong encryption; rather, the broader systemic risks and fundamental value of confidential communication are key. Much work remains to be done on unencrypted parts of the internet where CSAM is already prevalent.
- Teaser: Source Privacy:
- The emergence of client-facing servers/CDNs (e.g., in ECH deployment) creates a new "middlebox" with planetary visibility of both client and destination, enabling mass surveillance and user profiling.
- A concept for a "customer-facing relay" (CFR) was proposed to be implemented at the internet's edge (ISP/enterprise access edge) to preserve "source privacy."
- The CFR would act as an anonymizer of NAT addresses for the customer, providing a set of IP addresses for targets belonging to the same client-facing server.
- This solution aims to avoid new proxies, maintain network performance, and not disrupt existing protocols like ECH.
Decisions and Action Items
- Arturo Filastò will post details regarding the dip in the ECH deployment data chart on the PEARG mailing list.
- Paolo will establish a new mailing list (CFR) to discuss the "customer-facing relay" concept for source privacy.
- All participants were encouraged to join the PEARG mailing list for continued discussion of the presented topics.
Next Steps
- Continue discussions on ECH deployment, collateral damage, and mechanisms to enhance GREASE in TLS.
- Further research into threat models for advertising privacy, particularly group-level privacy and alternative statistical techniques beyond differential privacy.
- Ongoing vigilance and engagement regarding legislative efforts that threaten strong encryption, such as the EU CSAR, and similar initiatives in India and Canada.
- Development and refinement of the "customer-facing relay" architecture for source privacy, with community feedback and contributions sought.