Re: [Tails-dev] todo/network_fingerprint

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] todo/network_fingerprint
Hi,

adrelanos wrote (01 Jul 2013 15:34:26 GMT) :
> Anyhow, my best try:


Thanks!

Note, however, that it's a pain to manually diff the current source of
this section with the interesting mix of Markdown and HTML
you've sent.

A Git patch against the current source of the page would be much
easier to review and comment on than what follows. FYI, we have
guidelines that should help making such contributions in a useful way:

https://tails.boum.org/contribute/how/documentation/

> I propose the following a a replacement for the Fingerprint chapter here:
> https://tails.boum.org/contribute/design/#index4h1

[...]
> From the point of view of the local network administrator,


I feel sad the ISP isn't mentionned anymore. Any good reason for this?

> If the censorship circumvention option (implemented as bridge mode) or
> possible future Tails detection protection option is enabled, we want
> the network fingerprint detection resistance, at least to the extend,
> that it beats DPI boxes at least as good as the censorship circumvention
> tool (implemented using pluggable transports) does.


OK, this paragraph can certainly be used somewhere in this document,
but the section you're patching is about distinguishing Tails users
from other Tor users, so I doubt censorship circumvention fits right
in there. Also, I'm not sure patching the *implementation* notes is
the best place to put such a declaration of intent. I'm not sure how
things could be better arranged, but it for sure looks possible!

Also, I'm not sure why "Other possible fingerprint issues on the LAN
or ISP exist but we believe they would be harder to detect"
disappeared, since it seemed quite to the point and on-topic to me.

> And there https://tails.boum.org/contribute/design/Time_syncing
> /#index5h1 I'd remove:


> "Tails developers still need to think thoroughly of these questions: are
> such fingerprinting possibilities a serious problem? What kind of
> efforts and compromise should be made to prevent these?"


I don't understand why. Did we decide that the "Tor restart on
startup" thing is a non-issue? It seems contradictory with the stated
goal of defeating DPI.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc