At first thought, chaffing seems like a pretty good idea, but isn't it vulnerable to analysis? By which I mean, if the spooks can demonstrate (based on tracking identifiable markers in your cookies or some other means) that you're at your office, shouldn't they be able to effectively ignore any traffic from your home internet connection?
Maybe if we were all running Tor exit nodes or something, but naïve chaffing sounds pretty ... well, naïve.
Obviously this "chaff bot" will need to copy your user agent string and tracking cookies. It'd also need to behave exactly like a web browser in every way that can be detected. But is chaffing itself a good idea?
Maybe if we were all running Tor exit nodes or something, but naïve chaffing sounds pretty ... well, naïve.