There is an article[1] about finding out what location on Google Maps a user is looking at, based on observing TLS packets and nothing else.
If the task at hand is to match an encrypted connection to a smaller number of alternatives (say, identify accesses to a popular place, like the Gmail/Facebook login page, etc.), the same technique of observing packet size distribution over time should probably work quite reliably, and cgiproxy will do nothing to hide it.
You don't necessarily want random padding; you really want every single packet exactly the same size, potentially with dummy data transmitted to mask data rate as well.
[1] http://www.ioactive.com/pdfs/SSLTrafficAnalysisOnGoogleMaps....
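
An added illustration of the padding point raised in the comments above (not code from the linked article or from any commenter): a toy passive observer that sees only packet count and total bytes tries to tell two pages apart under four defenses. The page traces, cell size and cells-per-load value are constructed assumptions.

```python
import random

CELL = 512            # assumed fixed cell size (bytes)
CELLS_PER_LOAD = 32   # assumed constant cell count sent for every page load

# Constructed record-size traces (bytes) for two hypothetical pages.
PAGES = {
    "login": [1400, 1400, 620, 310],
    "inbox": [1400, 1400, 1400, 1400, 1400, 980, 450, 450],
}

def no_defense(trace, rng):
    return list(trace)

def random_padding(trace, rng, max_pad=255):
    # Each record grows by a random amount; the total still tracks the payload.
    return [size + rng.randint(0, max_pad) for size in trace]

def fixed_cells(trace, rng):
    # Every packet is exactly CELL bytes, but the cell count leaks the volume.
    return [CELL] * sum(-(-size // CELL) for size in trace)

def constant_rate(trace, rng):
    # Fixed cells plus dummy cells up to a constant count per load.
    cells = fixed_cells(trace, rng)
    return cells + [CELL] * (CELLS_PER_LOAD - len(cells))

def observe(wire):
    # A passive observer sees only packet count and total bytes.
    return (len(wire), sum(wire))

def fingerprints(defense, rng, samples=100):
    # The observer profiles each page by loading it through the same defense.
    prints = {}
    for name, trace in PAGES.items():
        obs = [observe(defense(trace, rng)) for _ in range(samples)]
        prints[name] = tuple(sum(col) / samples for col in zip(*obs))
    return prints

def accuracy(defense, trials=100, seed=1):
    # Fraction of loads labelled correctly by nearest-fingerprint matching.
    rng = random.Random(seed)
    prints = fingerprints(defense, rng)
    hits = 0
    for name, trace in PAGES.items():
        for _ in range(trials):
            seen = observe(defense(trace, rng))
            guess = min(prints, key=lambda p: sum((a - b) ** 2 for a, b in zip(seen, prints[p])))
            hits += guess == name
    return hits / (trials * len(PAGES))

if __name__ == "__main__":
    for d in (no_defense, random_padding, fixed_cells, constant_rate):
        print(f"{d.__name__:15s} observer accuracy = {accuracy(d):.2f}")
```

Random padding and fixed-size cells alone both leave the observer at full accuracy here, because total volume still differs between pages; only the constant cell count with dummy data drops it to chance (0.50 for two pages).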