Hi,

Commenting on network fingerprint, on pages https://tails.boum.org/contribute/design/Time_syncing/ and https://tails.boum.org/todo/network_fingerprint/ (the latter has no [tags] by the way)...

In April the topic "secure and simple network time (hack)" was discussed. Parts of that discussion were also about network fingerprinting issues. An interesting quote in that context, Jacob Appelbaum:

> I don't think so - I also think this is non-trivial. Some pluggable
> transports may seek to obfuscate traffic or to morph it. However, they
> do not claim to hide that you are using Tor *in all cases* but rather in
> very specific cases. An example threat model includes a DPI device with
> limited time to make a classification choice - so the hiding is very
> specific to functionality and generally does not take into account
> endless data retention with retroactive policing.

Quoting https://tails.boum.org/contribute/design/Time_syncing/:

> Tails developers still need to think thoroughly of these questions: are such
> fingerprinting possibilities a serious problem? What kind of efforts and
> compromise should be made to prevent these?

Since you are shipping pluggable transport obfs3, I conclude that you want to serve users in censored areas, even if the Tails design document does not state that explicitly.

In fact, Tor has a network fingerprint, which DPI boxes can detect and block. In what follows, pluggable transports are assumed to work reasonably well to beat (some of these) DPI boxes (for most of the time).

Hence, I think, you will like Tails's network fingerprint detection resistance (from ISP perspective), at least to the extent that it beats DPI boxes at least as well as pluggable transports do. You probably won't write into that design decision "we don't care if it becomes clear to ISPs that someone is using Tails".

What is also open for you to decide is whether you would like to improve the network fingerprint (from ISP perspective) when these problems start having real world impacts (censors start censoring based on Tails network fingerprint) or precautionarily.

Apart from this, I also made the suggestion that, if Tails wanted to have a good portion of more clearnet traffic instead of having only Tor traffic, Tails could run an untorified mainstream Linux distribution in chroot or in a VM.

Cheers,
adrelanos
