Re: [Tails-dev] todo/network_fingerprint

Author: intrigeri
Date:  
To: The Tails public development discussion list
Old subjects: [Tails-dev] todo/network_fingerprint
Subject: Re: [Tails-dev] todo/network_fingerprint

Hi,

(Sorry for the delay -- we're overwhelmed and under-staffed.)

adrelanos wrote (02 May 2013 01:52:01 GMT) :
> Since you are shipping pluggable transport obfs3, I conclude, that you
> want to serve users in censored areas, even if Tails design document
> does not state that explicitly.


I conclude the same :)

> In fact, Tor has a network fingerprint, which DPI boxes can detect and
> block. In what follows, pluggable transports are assumed to work
> reasonably well to beat (some of these) DPI boxes (for most of the time).


> Hence, I think, you will like Tails's network fingerprint detection
> resistance (from ISP perspective), at least to the extent that it
> beats DPI boxes at least as well as pluggable transports do.


If bridge mode (or whatever the censorship circumvention / Tails
detection protection option is called) is enabled, then yes. Would you
be willing to prepare a patch to our design/implementation doc that
makes this clear?

> You probably won't write into that design decision "we don't care if
> it becomes clear to ISPs, that someone is using Tails".


If bridge mode is not enabled, then until now, we've cared to some
limited extent only. I doubt we have the means to do any better unless
someone new starts working on this.

> What is also open to decide for you, is whether you like to improve the
> network fingerprint (from ISP perspective) when these problems start
> having real world impacts (censors start censoring based on Tails
> network fingerprint) or precautionary.


I think we're trying to be proactive about making it harder to detect
Tails users who use bridge mode. I'm not saying we're
succeeding, though.

> Apart from this, I also made the suggestion: if Tails wanted to
> have a good portion of more clearnet traffic instead of having only Tor
> traffic, Tails could run an untorified mainstream Linux distribution in
> chroot or in a VM.


It's unclear to me how useful this is in practice.
Any pointer to reasoning / research on this topic?

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc