Hiding Tor is difficult beyond practicality?

i find this quite lazy, a 6-year-old quote from Appelbaum is your proof that pluggable transports are useless :face_with_monocle:

obviously there exists a wide spectrum of adversaries and adversary capacities, some can block some pluggable transports, some can’t. the idea is to make that work as difficult as possible for them. a nice overview of the different pluggable transport approaches is here:

pluggabletransports.info/transports

it continues to be an active field of research and implementation, you can follow along at that website.

in addition, from the perspective of hiding Whonix use (as currently distinct from Debian, Tails, etc), as has been mentioned in this thread, you could continue to decompose Whonix into Debian-based packages, having all Whonix packages be maintained within Debian repos.

also helpful towards reducing network fingerprinting of Whonix users were the previous efforts to have a shared Tor Browser user profile across Whonix, Tails, Tor Browser.

I see the quote from appelbaum among several posts arguing against spending resources on hiding Tor. Not sure how you came to this conclusion.

Indeed.

mfc via Whonix Forum:

i find this quite lazy, a 6-year-old quote from Appelbaum is your proof that pluggable transports are useless :face_with_monocle:

Other reasons where states here too.

obviously there exists a wide spectrum of adversaries and adversary capacities, some can block some pluggable transports, some can’t. the idea is to make that work as difficult as possible for them. a nice overview of the different pluggable transport approaches is here:

Blocking vs non-blocking is besides the point since that is
circumvention. “circumvention” meaning “just make it work, it’s ok if
someone finds out I used Tor later”. That use case is much easier to
keep supporting.

This is about hiding Tor, i.e. “make it work and make sure no one will
ever find out I used Tor”. Due to very realistic assumptions such as
extended logging of traffic, progress in pluggable transport detection
and retroactive policing it is a very bad idea to try to circumvent Tor
which may even be possible at the time when later (lets say weeks,
months or years) detection is still a personal risk.

in addition, from the perspective of hiding Whonix use (as currently distinct from Debian, Tails, etc), as has been mentioned in this thread, you could continue to decompose Whonix into Debian-based packages,

All of Whonix is available as Debian packages for years.

List of packages: Whonix · GitHub

“sudo apt install whonix” is possible and done so by third parties in
the wild. References:

having all Whonix packages be maintained within Debian repos.

That would be very nice for other reasons but unfortunately very
unrealistic. Few reasons given here before:

A Debian Maintainer who stepped down explaining the challenges /
impossibilities changing Debian in human life spawns:

But even if we had that, when even readers of linuxjournal are already
called extremists in the West with relatively many Linux users…

https://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance

…you can imagine how much users of Linux stand out in countries where
use of Tor is not only blocked but deemed dangerous.

Solution? [1] Debian or any Linux going mainstream on the desktop and
[2] producing lots of Tor traffic by default. I see neither [1] nor [2]
coming.

also helpful towards reducing network fingerprinting of Whonix users were the previous efforts to have a shared Tor Browser user profile across Whonix, Tails, Tor Browser.

Whonix uses the same Tor Browser profile as Tor Browser, in other words
unmodified. What Tails is doing is up to Tails. They’ve been criticized
for their custom profile by others. Arguments were made. I don’t think I
could talk them out of it.

However, Tor Browser fingerprint matters at the end of the connection,
i.e. at the destination server. ISPs won’t be able to differentiate
Whonix, Tails, Tor Browser at the ISP level (unless something is very
wrong).

1 Like

I have read on this site that “hiding TOR/whonix is difficult beyond practicality”, Is that really true? aren’t pluggable transports meant to hide the fact that you are using TOR in countries where it is illegal? I even remember something about some pluggable transports that disguises your traffic as a"normal" traffic to some website.
Can the government/ISP see all the TOR users all the time?

Edit: Hi underdog, Welcome to the Whonix Community!

Please use exitsting treads of one is available. @0brand moderator. Forum Best Practices.

They provide circumvention. Not hiding. Circumvention might work. Hiding is what people like to interpret into it. Social communication issue.

Again, circumvention, not hiding.

Even if they don’t - it’s likely that all traffic is being logged permanently. Even if not detectable now, traffic can be reanalyzed again and again and a later more sophisticated analyser might detect it later on. Hiding failed.

Page Hide Tor use from the Internet Service Provider contains technical reasoning, quotes, links. Verifiable.

Try to find a technical argument, developer of a pluggable transport, or other expert who’s pressed on the circumvention vs hiding question, who states it is for hiding.

It’s not about truth or certainty but with the information available this was the conclusion.