Re: [Tails-dev] todo/network_fingerprint

Delete this message

Reply to this message
Autor: adrelanos
Data:  
Dla: tails-dev
Temat: Re: [Tails-dev] todo/network_fingerprint
Hi!

intrigeri:
> If bridge mode (or whatever the censorship circumvention / Tails
> detection protection option is called) is enabled, then yes. Would you
> be willing to prepare a patch to our design/implementation doc that
> makes this clear?


I am happy to look at it.

>> Apart from this, I also made the suggestions, if Tails wanted to have to
>> have a good portion of more clearnet traffic instead of having only Tor
>> traffic, Tails could run an untorified mainstream Linux distribution in
>> chroot or in a VM.
>
> It's unclear to me how useful this is in practice.
> Any pointer to reasoning / research on this topic?


A conclusion I got from "[tor-talk] Research paper "The Parrot is Dead:
Observing Unobservable Network Communications", was: "if you want to
look like http/https/ssh/etc. the only feasible method is, use the
implementation itself, not trying to mimic it".

I conclude, if Tails wants to look like Debian, the most promising
approach is to use Debian.

This makes a very bold assumption: censors care not to ban anything
looking like a Debian fingerprint, unless white listed (companies), just
to make sure.

Other than that, I am not aware of any research on using operating
system fingerprints to censorship-evading/anonymity tools. It just seems
to one of the natural next steps a censor could take.

Faking a Windows fingerprint would be even more problematic,
implementation wise and the legal stuff doesn't make it any easier.

Its an arms race, easy to loose. Not to say, most of it is lost already
anyway. If you look at Tor metrics, how many users came from one country
before censoring the Tor network and how many users connect using
bridges after censoring the Tor network... It's just a friction, even if
you imagine that others now use other circumvetion tools or aren't all
correctly counted as bridge users.

Cheers,
adrelanos