Re: [Tails-dev] [tor-talk] secure and simple network time …

Delete this message

Reply to this message
Autor: Jacob Appelbaum
Data:  
Dla: The Tails public development discussion list
CC: tor-talk, Elly Fong-Jones
Temat: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
adrelanos:
>>
>> We already fail this test, no?
>
> Not necessarily. This is a difficult question.
>


Tor does not hide that you are using Tor and using Tails or Whonix is an
example of a system only emitting Tor traffic. It depends on your threat
model but generally, we'd just making up "someone could" as a network
distinguisher. I assert that someone could watch - see no traffic except
encrypted traffic, decide it is Tor and then decide you're running Tails
or Whonix.

Also, the way these systems do TLS handshakes will reveal your current
clock as well as other details - such as if you're using Whonix or Tails
(if one caches the consensus, and the other doesn't).

> Tails:
> (For your ISP or local network administrator)
> https://tails.boum.org/doc/about/fingerprint/index.en.html
>
> Whonix (since interested in this topic as well):
> https://sourceforge.net/p/whonix/wiki/Fingerprint/#for-your-isp-or-local-network-administrator
>
> My point is, even if the answer is at the moment "we fail that test",
> it's hopefully "possible to fix" as well. And, we should try to prevent
> adding new factors, which could worsen the current status, if that
> appears (already) attractive and doable.


Well, TLS is the default transport and so, I think TLS is the best way
to get time information. We're not really going to stick out any more
than the rest of the TLS traffic - in fact, we might even stick out less
because we have a valid cert and it isn't Tor, it's a shared network
time program. I admit, it can probably be fingerprinted but I think that
fingerprinting it won't look much different from the rest of the TLS
traffic - it will look lets say, less sketchy?

>
> Of course, the already existing (or new) operating system fingerprinting
> by ISP issues could still get fixed when they get real world issues. For
> example, Tails could mimic a mainstream operating system, by running one
> untorified in a VM or chroot; and letting pluggable transports doing the
> obfuscation for Tor traffic.
>


I'd be curious what snoopy says about any of the systems?

http://www.sensepost.com/blog/7557.html

>> Hell, who is even testing for that except
>> potential censors?
>
> Potential censors, yes. Other, I don't have an answer.


Well, if we want to red team it, we should set up some parameters and go
for it?

All the best,
Jacob