adrelanos:
> Jacob Appelbaum:
>> adrelanos:
>>>>
>>>> We already fail this test, no?
>>>
>>> Not necessarily. This is a difficult question.
>>>
>>
>> Tor does not hide that you are using Tor
>
> Yes, but... While making this point up, I saw pluggable transports as a
> tool which can be thrown into the mix and make this a non-issue.

I don't think so - I also think this is non-trivial. Some pluggable transports may seek to obfuscate traffic or to morph it. However, they do not claim to hide that you are using Tor *in all cases* but rather in very specific cases. An example threat model includes a DPI device with limited time to make a classification choice - so the hiding is very specific to functionality and generally does not take into account endless data retention with retroactive policing.

>
> (In theory obfsproxy and alike tools can hide the fact that someone is
> using Tor, which will be required against trying-hard-censors so or
> so. This assumes, that pluggable transports will win the arms race
> against censors.)

Perhaps for a time but again - rarely is anyone thinking about say, the one, five or ten year logging of full packets.

>
>> and using Tails or Whonix is an
>> example of a system only emitting Tor traffic.
>
> The plan is...
>
> Whonix:
> When using VMs (as most people do), there is still a host operating
> system people start first - so there is not only Tor traffic. Tor usage
> can be hidden by using pluggable transports.

I would be very careful with that claim. It might be hidden and it might just be that no one is looking.

>
> Tails:
> When this becomes an issue, there are two workarounds:
> - running Tails in a VM (naturally requires starting a non-Tails os
> beforehand) using pluggable transports to hide Tor usage
> - booting a second computer with a non-Tails operating system behind the
> same router, wait a bit, run Tails using pluggable transports to hide
> Tor usage
>
> And one possible fix: boot the amnesic system, simulate "this is Debian"
> (or other mainstream distro) by running it untorified in chroot or in a
> VM; fire up Tor using pluggable transports to hide Tor usage.
>
> The point I wanted to make is, I can very well imagine, not to fail this
> test, i.e. pretending to be a mainstream distribution, having non-Tor
> traffic and obfuscating Tor traffic using pluggable transports. Perhaps
> it can be prevented, that tlsdate introduces new operating system
> fingerprinting possibilities for ISPs.
>

That's my point - I don't believe that tlsdate introduces anything more than what any OpenSSL TLS connection would introduce. The main difference is the host and *that* is currently a set of *extremely* popular hosts, way way more popular than Tor nodes or some random bridge or something.

Yes, we could use obfsproxy in the mix but that is punting and a side step.

>> It depends on your threat
>> model but generally, we'd just be making up "someone could" as a network
>> distinguisher.
>
> Yes.
>
>> I assert that someone could watch - see no traffic except
>> encrypted traffic, decide it is Tor and then decide you're running Tails
>> or Whonix.
>
> I tried to picture solutions to that above.
>

That doesn't solve the fingerprinting issues - attackers can classify the number of users with different machines behind a NAT and often do so.

All the best,
Jacob
_______________________________________________
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev