The only options deployed ATM are obfs4, meek and snowflake. The only configureless client side one is snowflake:
Currently there are three pluggable transports available, but more are being developed.
Of course. It routes other users’ traffic through your client.
It does. I think they don’t/can’t take usage models like the 1G/App into consideration since a very small number of users will run Tor that way. So the next best thing is to try to confuse the malicious guard by pumping in different types of traffic. So if we had to rate the from more to less effectiveness, then:
1 G/App > Multiple Traffic thru 1 G > One type of traffic thru 1 G
I see so they agree about the principle, but not the implementation. (upstream curation vs addon). Not a fan of security theater and this seems to be the case.
Although in the ticket about uBlockOrigin , arthuredelstein
discusses they were working on shipping an adblocker that’s turned off by default and need to work a few things out for performance. The quote in the manual above may be outdated and was never changed to reflect reality. It was written before uBlock existed which is superior to all these options.
The 0.1% of ad networks that slip thru is not a strong argument against the benefits of blocking all the rest. We can think of the whole approach as on a spectrum vs being absolute. fpcentral - a site designed specifically for TBB fingerprint testing should answer these questions.
Depends on how easy these things are for a third party to uncover. First party isolation problems would be easy to fingerprint I imagine.
Fragility is a big enough argument against this alone. A great addition that always breaks and works half the time is not a good idea. As for the Tails vs Whonix fingerprint - we have to know if things like addon version are easily enumerated by sites.
With all due respect, pseudonymity becomes a liability over time and any mistake would uncover all a user’s past activities while anonymity provides forward secrecy of sorts. Anonymity is the ideal while pseudonymity is not fatal, but it can be if identities are not recycled after a short period of time.
Website fingerprinting (in this threat model) is about a malicious guard correctly identifying what the contents of an encrypted stream a user is requesting.