adrelanos: >> >> We already fail this test, no? > > Not necessarily. This is a difficult question. >
Tor does not hide that you are using Tor and using Tails or Whonix is an example of a system only emitting Tor traffic. It depends on your threat model but generally, we'd just making up "someone could" as a network distinguisher. I assert that someone could watch - see no traffic except encrypted traffic, decide it is Tor and then decide you're running Tails or Whonix. Also, the way these systems do TLS handshakes will reveal your current clock as well as other details - such as if you're using Whonix or Tails (if one caches the consensus, and the other doesn't). > Tails: > (For your ISP or local network administrator) > https://tails.boum.org/doc/about/fingerprint/index.en.html > > Whonix (since interested in this topic as well): > https://sourceforge.net/p/whonix/wiki/Fingerprint/#for-your-isp-or-local-network-administrator > > My point is, even if the answer is at the moment "we fail that test", > it's hopefully "possible to fix" as well. And, we should try to prevent > adding new factors, which could worsen the current status, if that > appears (already) attractive and doable. Well, TLS is the default transport and so, I think TLS is the best way to get time information. We're not really going to stick out any more than the rest of the TLS traffic - in fact, we might even stick out less because we have a valid cert and it isn't Tor, it's a shared network time program. I admit, it can probably be fingerprinted but I think that fingerprinting it won't look much different from the rest of the TLS traffic - it will look lets say, less sketchy? > > Of course, the already existing (or new) operating system fingerprinting > by ISP issues could still get fixed when they get real world issues. For > example, Tails could mimic a mainstream operating system, by running one > untorified in a VM or chroot; and letting pluggable transports doing the > obfuscation for Tor traffic. > I'd be curious what snoopy says about any of the systems? http://www.sensepost.com/blog/7557.html >> Hell, who is even testing for that except >> potential censors? > > Potential censors, yes. Other, I don't have an answer. Well, if we want to red team it, we should set up some parameters and go for it? All the best, Jacob _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
