Jacob Appelbaum: > adrelanos: >> Jacob Appelbaum: >>> adrelanos: >>>>> >>>>> We already fail this test, no? >>>> >>>> Not necessarily. This is a difficult question. >>>> >>> >>> Tor does not hide that you are using Tor >> >> Yes, but... While making this point up, I saw pluggable transports as a >> tool which can be thrown into the mix and make this a non-issue. > > I don't think so - I also this this is non-trivial.
I know. It's absolutely non-trivial. From my distro packager perspective pluggable transports are just some magic boxes to throw into the mix, which get a job done. Great minds do all the thinking and coding. > Some pluggable > transports may seek to obfuscate traffic or to morph it. However, they > do not claim to hide that you are using Tor *in all cases* but rather in > very specific cases. An example threat model includes a DPI device with > limited time to make a classification choice - so the hiding is very > specific to functionality and generally does not take into account > endless data retention with retroactive policing. Ok. >> >> (In theory obfsproxy and alike tools can hide the fact that someone is >> using Tor, which will be required against trying-hard-censurers so or >> so. This assumes, that pluggable transports will win the arms race >> against censors.) > > Perhaps for a time but again - rarely is anyone thinking about say, the > one, five or ten year logging of full packets. Yes. >> >>> and using Tails or Whonix is an >>> example of a system only emitting Tor traffic. >> >> The plan is... >> >> Whonix: >> When using VMs (as most people do), there is still a host operating >> system people start first - so there is not only Tor traffic. Tor usage >> can be hidden by using pluggable transports. > > I would be very careful with that claim. It might be hidden and it might > just be that no one is looking. Yes, I wouldn't claim that in documentation, of course. When I said "Tor usage can be hidden by using pluggable transports." in this very context, I assume, that this magic box is working well. It's very clear to me, that this is a very strong assumption and that this involves a lot work done by other people creating that magic box. (If we wouldn't make that assumption, we probable wouldn't have to talk about fingerprinting issues.) It's all about censorship circumvention. I thought, when we assume that this magic box works reasonable well, it would be a pity if we now added something which could render the achievements by pluggable transports useless. >> >> Tails: >> When this becomes an issue, there are two workarounds: >> - running Tails in a VM (naturally requires starting a non-Tails os >> beforehand) using pluggable transports to hide Tor usage >> - booting a second computer with a non-Tails operating system behind the >> same router, wait a bit, run Tails using pluggable transports to hide >> Tor usage >> >> And one possible fix: boot the amnesic system, simulate "this is Debian" >> (or other mainstream distro) by running it untorified in chroot or in a >> VM; fire up Tor using pluggable transports to hide Tor usage. >> >> The point I wanted to make is, I can very well imagine, not to fail this >> test, i.e. pretending to be a mainstream distribution, having non-Tor >> traffic and obfuscating Tor traffic using pluggable transports. Perhaps >> it can be prevented, that tlsdate introduces new operating system >> fingerprinting possibilities for ISPs. >> > > That's my point - I don't believe that tlsdate introduces anything more > than what any OpenSSL TLS connection would introduce. The main > difference is the host and *that* is currently a set of *extremely* > popular hosts, way way more popular than Tor nodes or some random bridge > or something. Yes, we could use obfsproxy in the mix but that is punting > and a side step. Ok. >>> It depends on your threat >>> model but generally, we'd just making up "someone could" as a network >>> distinguisher. >> >> Yes. >> >>> I assert that someone could watch - see no traffic except >>> encrypted traffic, decide it is Tor and then decide you're running Tails >>> or Whonix. >> >> I tried to picture solutions to that above. >> > > That doesn't solve the fingerprinting issues - attackers can classify > the number of users with different machines behind a NAT and often do so. Well, I failed to describe what I meant with 100% accuracy due to my skills. I cut it here so you don't have to read so much. Just that: our opinions here don't differ at all and I got educated. You understand this topic better than me, the important point "it would be a pity if we now added something which could render the achievements by pluggable transports useless" has been considered, thank you for that. Best, adrelanos _______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev