[Tails-dev] Persistent Tor start in Tails vs location aware …

Delete this message

Reply to this message
Author: Patrick Schleizer
Date:  
To: whonix-devel, The Tails public development discussion list, desktops, tor-talk
Subject: [Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)
sajolida:
>     https://tails.boum.org/blueprint/persistent_Tor_state/


Persistent Tor state would be a good improvement. Could be the first
iteration. It would make Tails less fingerprintable and more secure for
people staying in the same location and/or not carding about
AdvGoalTracking.

But I think location aware Tor entry guards (LATEG) are wrong headed.
The topic of LATEG is so difficult to explain to the user, that as you
plan, you cannot add it the the UI. Perhaps buried under an advanced
setting, but that's not worth so much. So it cannot be manual by
default. Only automatic. Which brings me to the issue.

There is a reason, why Tor picks a Tor entry guard and sticks to it. By
changing it more often than Tor would do, you are subverting the reason
for using Tor entry guards in the first place. In a sense, you are to a
small degree thereby becoming a Tor developer, and modifying Tor's relay
choosing algorithm.

I wonder, if the whole LATEG thing would not be much better implemented
in Tor itself. If so, then any (further) research of the entry guard
topic would still apply to Tails, and not to Tor only.

The documentation advice for advanced users caring about AdvGoalTracking
could be to use obfuscated [private] bridges and to alternate
them per travel location.

Or perhaps you might be able to explain in tor-launcher /
anon-connection-wizard [1] [2] [3] the LATEG / AdvGoalTracking issue.

> [...] By adding the SSID, we prevent attackers from being able to

spoof only the MAC address of the router to reuse a given Tor state;
they also have to spoof the SSID which is visible to the user and might
be detected as malicious. [...]

I find it unlikely, that users might judge an often changing SSID
malicious. FreeWifi832458252823523 vs FreeWifi358235892435. How many
users are going to remember that? I would guess, they would just click
through whatever hoops required to make the WiFi connect again.

Cheers,
Patrick

[1] https://github.com/Whonix/anon-connection-wizard
[2] https://www.whonix.org/blog/connection-bridge-wizard
[3] python rewrite of tor-launcher