Information
ID: 299
PHID: PHID-TASK-tpayk6v3hk5ypzb4kekf
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
Why was it introduced in the first place? From systemcheck - Security Check Application
Some users wish to hide the fact from their ISP, they they are using Tor and Whonix. See Hide Tor and Whonix from your ISP article. While only a fraction of users goes through the procedures to hide Tor, it is still desirable to hide the fact they’re using Whonix. We’re better of if adversaries can’t distinguish between lets say TBB and Whonix users. When whonixcheck is automatically started, it waits a randomized amount of time (between 60 and 500 seconds). Although it would be Tor’s job to prevent any kinds of conclusions from the amount of traffic and the traffic pattern, this feature is supposed to aid to obfuscation of that kind of traffic analysis. Starting Tor and instantly having a lot of traffic (from whonixcheck) might be easier to distinguish than waiting a randomized amount of time until that kind of traffic flows.
Why deprecate it?
- It breaks terminal-only (Whonix Forum) (or requires, wastes ~64 MB RAM).
- Usability mess.
- It’s incomplete. (Not in use on first run of Whonix-Gateway.)
- Based on unproven, speculative assumption. Even if the above strategy worked, whonixcheck is still too specific in its activities. So it’s really Tor’s task to prevent traffic classification.
- Especially confusing in Qubes where a popup comes seemingly up out of nowhere.
Comments
HulaHoop
2015-05-12 14:35:41 UTC
Patrick
2015-05-23 18:14:18 UTC
Patrick
2015-05-24 14:32:02 UTC