What’s the exact citation here which is allegedly wrong?
Nick Mathewson from The Tor Project suggests additional precautions when moving networks:
- Absolutely prevent non-Tor connections.
The citation is correct if you look at the original source.
Rewritten just now to say:
Nick Mathewson, co-founder of The Tor Project
Did you see who said that? Not a nobody. It’s an authoritative source. Hard / impossible to find more authoritative sources for this specific part of bleeding edge anonymity research. Like the content of the citation, agree with it or disagree. Optionally, on top of that, if you have an issue with the write-up, I suggest going back to the original source / author.
Not sure what you mean by primary users. Most users of Whonix however are using Whonix for VirtualBox.
I am not sure that’s true.
Quote Tails - MAC address anonymization
Profiling based on chipset/driver particularities
It’s possible to profile the particular chipset and/or driver used by a device based on the active probing algorithm used, and its parameters (e.g. channel probe order, how many probes sent per channel, time spent per channel). See for instance the paper A Characterization of Wireless NIC Active Scanning Algorithms.
Dealing with this may be impossible, or at least require re-writing all Linux wireless drivers so that the parameters can be changed so we cannot practically deal with this issue at this point.
Based on that it’s conceivable that even when using the “same” notebook, it might have minor differences such as a different hardware revision for the LAN card or WiFi chip. These minor differences might be fingerprintable through passive observing or active attacks such as injecting artificial delays and observing how the hardware reacts.
“they can’t infer that the people at the two wifi locations are the same.” is a pretty strong statement to make while no negative can be proven.
Does it even require “obscure dot com”? Shouldn’t user habits, such as what websites they visit over clearnet, be sufficiently unique? Qubes update status, software versions? Number of installed packages? Amount of clearnet and/or torified (or unidentifiable) usual range of traffic being used? Particularities of hardware, software?
Is Qubes a sufficiently huge anonymity set?
Quote NSA targets the privacy-conscious | Das Erste - Panorama - Meldungen (bold added)
The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called “the Linux Journal - the Original Magazine of the Linux Community”, and calls it an “extremist forum”.
Also:
How many operating systems allow for a Tor-only traffic mode and how many users are using that?