Feature: default mitigation for traffic analysis

I recently posted to the Tor forum asking for clarification about a Mike Perry blog post concerning traffic analysis mitigations. Machine Learning makes this attack vector increasingly problematic.


for users comfortable with the CLI, maybe a script exists designed for this, using torsocks?

A script would have the benefit that it could be run by default on anonymity focused distributions like Tails and Whonix, so users would be protected without requiring specific behavior from them.

Is this something that has been considered before by the Whonix devs?

In my view, a default process that created randomized Tor traffic would be a great feature for Whonix. I think this would ideally be implemented with several properties:

  • uses a source of entropy for randomization, so that it cannot be fingerprinted (such as how key generation uses entropy)
  • can be toggled on and off, though is on by default
  • generates enough Tor traffic to serve it’s use, but not so much that it significantly clogs the Tor network

Here is the Tor Project answer:

The Mike Perry blog post referenced recommends that users manually “Do multiple things at once with your Tor client”.

This speaks to how such a mitigation is useful to a single user even if only they are doing it. So in this case, the FAQ does not apply regarding “And every user needs to be doing it.”

Having a script do this seems to be a better solution, rather than hoping a user will generate sufficient traffic by opening up extra tabs (i.e. very prone to user error).

A toggle would allow for the process to not run by default, in regards to bandwidth concerns, and only turned on by users whose threat model warrants it.