Use of HTTP compression potentially exposes chaff response #2
Description
If HTTP compression is enabled on the server, it might be possible that the use of chaff could be detected by observing the compression potential of valid vs chaff responses.
For example, if a valid response is 64 bytes of JSON text, that will likely compress to a significantly smaller size than 64 bytes of data with a higher degree of entropy. So, if the tracker is recording the response payload size prior to the application of compression by the server, the corresponding implications from data compression will not be accounted for when generating the chaff response size.
I wanted to toss this out there as a possible idea just in case it was overlooked. Happy to talk it through further if you'd like. :)