Interesting blog post that provides some technical meat.
It has some client-side suggestions for thwarting website fingerprinting. I will quote here, and if anything useful is covered we can spin them off into their own separate Phabricator tickets.
Users: Do multiple things at once with your Tor client
Thankfully we get this for free with Whonix’s design and thanks to stream isolation, safely at that.
We can do better: by allowing users to run their client as a bridge, we protect client traffic even more.
- What bridge type is ideal for Whonix GW? The easiest and quickest to implement? (Snowflake?)
- The GUI side option would be implemented as part of the anon-connection wizard.
- Does running your client as a bridge allow you yourself to connect to a bridge before Tor? Does this provide double benefits? Needs research probably.
Mozilla/EFF/AdBlocker makers: Investigate Real Time Bidding ad networks
Blocking ads in Tor Browser turns out to be an anonymity benefit and not just to get rid of an annoyance. The Tor Project is taking a soft stance on this for pragmatic political reasons. If they block ads outright they risk Tor being blacklisted even more as retaliation.
Investigating ad networks for transparency is impossible unless you have an inside view of how they run their systems. Not gonna happen.
Tails hasn’t given a fuck about ads or how blocking them makes their TBB differ from plain bundles since forever. We should seriously find the best solution for blocking ads today if we agree to do it, and convince Tails to switch to it if they have a different solution, so we can blend into a slightly larger group.
We already chose to implement more secure options for our distro even if the cost is an identifiable network fingerprint.
Website Operators: Use v3 Onion Services
Yet one more reason to deprecate v2 and advise against them in documentation.
The rest of the advice in the article doesn’t apply to us.