[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

> Jacob Appelbaum:
>> adrelanos:
>>>> We already fail this test, no?
>>> Not necessarily. This is a difficult question.
>> Tor does not hide that you are using Tor
> Yes, but... While making this point up, I saw pluggable transports as a
> tool which can be thrown into the mix and make this a non-issue.

I don't think so - I also this this is non-trivial. Some pluggable
transports may seek to obfuscate traffic or to morph it. However, they
do not claim to hide that you are using Tor *in all cases* but rather in
very specific cases. An example threat model includes a DPI device with
limited time to make a classification choice - so the hiding is very
specific to functionality and generally does not take into account
endless data retention with retroactive policing.

> (In theory obfsproxy and alike tools can hide the fact that someone is
> using Tor, which will be required against trying-hard-censurers so or
> so. This assumes, that pluggable transports will win the arms race
> against censors.)

Perhaps for a time but again - rarely is anyone thinking about say, the
one, five or ten year logging of full packets.

>> and using Tails or Whonix is an
>> example of a system only emitting Tor traffic.
> The plan is...
> Whonix:
> When using VMs (as most people do), there is still a host operating
> system people start first - so there is not only Tor traffic. Tor usage
> can be hidden by using pluggable transports.

I would be very careful with that claim. It might be hidden and it might
just be that no one is looking.

> Tails:
> When this becomes an issue, there are two workarounds:
> - running Tails in a VM (naturally requires starting a non-Tails os
> beforehand) using pluggable transports to hide Tor usage
> - booting a second computer with a non-Tails operating system behind the
> same router, wait a bit, run Tails using pluggable transports to hide
> Tor usage
> And one possible fix: boot the amnesic system, simulate "this is Debian"
> (or other mainstream distro) by running it untorified in chroot or in a
> VM; fire up Tor using pluggable transports to hide Tor usage.
> The point I wanted to make is, I can very well imagine, not to fail this
> test, i.e. pretending to be a mainstream distribution, having non-Tor
> traffic and obfuscating Tor traffic using pluggable transports. Perhaps
> it can be prevented, that tlsdate introduces new operating system
> fingerprinting possibilities for ISPs.

That's my point - I don't believe that tlsdate introduces anything more
than what any OpenSSL TLS connection would introduce. The main
difference is the host and *that* is currently a set of *extremely*
popular hosts, way way more popular than Tor nodes or some random bridge
or something. Yes, we could use obfsproxy in the mix but that is punting
and a side step.

>> It depends on your threat
>> model but generally, we'd just making up "someone could" as a network
>> distinguisher.
> Yes.
>> I assert that someone could watch - see no traffic except
>> encrypted traffic, decide it is Tor and then decide you're running Tails
>> or Whonix.
> I tried to picture solutions to that above.

That doesn't solve the fingerprinting issues - attackers can classify
the number of users with different machines behind a NAT and often do so.

All the best,

tor-talk mailing list