Author: adrelanos
Date:
CC: Elly Fong-Jones, tor-talk, The Tails public development discussion list
Subject: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
Jacob Appelbaum:
> adrelanos:
>>>
>>> We already fail this test, no?
>>
>> Not necessarily. This is a difficult question.
>>
>
> Tor does not hide that you are using Tor
Yes, but... While making this point up, I saw pluggable transports as a
tool which can be thrown into the mix and make this a non-issue.
(In theory obfsproxy and similar tools can hide the fact that someone is
using Tor, which will be required against trying-hard censors either
way. This assumes that pluggable transports will win the arms race
against censors.)
> and using Tails or Whonix is an
> example of a system only emitting Tor traffic.
The plan is...
Whonix:
When using VMs (as most people do), there is still a host operating
system people start first - so there is not only Tor traffic. Tor usage
can be hidden by using pluggable transports.
Tails:
When this becomes an issue, there are two workarounds:
- running Tails in a VM (naturally requires starting a non-Tails OS
beforehand) using pluggable transports to hide Tor usage
- booting a second computer with a non-Tails operating system behind the
same router, wait a bit, run Tails using pluggable transports to hide
Tor usage
And one possible fix: boot the amnesic system, simulate "this is Debian"
(or other mainstream distro) by running it untorified in chroot or in a
VM; fire up Tor using pluggable transports to hide Tor usage.
The point I wanted to make is, I can very well imagine not failing this
test, i.e. pretending to be a mainstream distribution, having non-Tor
traffic and obfuscating Tor traffic using pluggable transports. Perhaps
it can be prevented that tlsdate introduces new operating system
fingerprinting possibilities for ISPs.
> It depends on your threat
> model but generally, we'd just be making up "someone could" as a network
> distinguisher.
Yes.
> I assert that someone could watch - see no traffic except
> encrypted traffic, decide it is Tor and then decide you're running Tails
> or Whonix.