[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Jacob Appelbaum:
> adrelanos:
>>> We already fail this test, no?
>> Not necessarily. This is a difficult question.
> Tor does not hide that you are using Tor

Yes, but... While making this point up, I saw pluggable transports as a
tool which can be thrown into the mix and make this a non-issue.

(In theory obfsproxy and alike tools can hide the fact that someone is
using Tor, which will be required against trying-hard-censurers so or
so. This assumes, that pluggable transports will win the arms race
against censors.)

> and using Tails or Whonix is an
> example of a system only emitting Tor traffic.

The plan is...

When using VMs (as most people do), there is still a host operating
system people start first - so there is not only Tor traffic. Tor usage
can be hidden by using pluggable transports.

When this becomes an issue, there are two workarounds:
- running Tails in a VM (naturally requires starting a non-Tails os
beforehand) using pluggable transports to hide Tor usage
- booting a second computer with a non-Tails operating system behind the
same router, wait a bit, run Tails using pluggable transports to hide
Tor usage

And one possible fix: boot the amnesic system, simulate "this is Debian"
(or other mainstream distro) by running it untorified in chroot or in a
VM; fire up Tor using pluggable transports to hide Tor usage.

The point I wanted to make is, I can very well imagine, not to fail this
test, i.e. pretending to be a mainstream distribution, having non-Tor
traffic and obfuscating Tor traffic using pluggable transports. Perhaps
it can be prevented, that tlsdate introduces new operating system
fingerprinting possibilities for ISPs.

> It depends on your threat
> model but generally, we'd just making up "someone could" as a network
> distinguisher.


> I assert that someone could watch - see no traffic except
> encrypted traffic, decide it is Tor and then decide you're running Tails
> or Whonix.

I tried to picture solutions to that above.

<snipped the rest, where I can't answer>
tor-talk mailing list