@HulaHoop wrote:
Currently already the case for both, hardened debian and Whonix host.
Disadvantage being that we have to,
- install anon-connection-wizaard on the host too. (And then have user duplicate that work inside Whonix-Gateway.) [In theory, OneVM where Tor runs on the host would make more sense to avoid duplicate Tor config and duplicate Tor connections but OneVM may also be harder to get right in terms of leak protection, never thought that through.]
- drop “give user option to not connect to the public Tor network”.
So we have to choose between:
- no secure time sync by default
- use NTP
- or use nonthing?
- drop “give user option to not connect to the public Tor network”
- two Tor running by default (host and Whonix-Gateway)
- OneVM alike (unrealistic mid term and perhaps even unrealistic ever?)
A related question:
I’ve head this before and acted as if it is true. Is there actually any evidence for that?
Does even The Tor Project with TBB connection wizard (tor-launcher) address the hiding Tor use case or only the censorship circumvention use case? It looks to me like the latter.
Being founder of Whonix project shouldn’t prevent me from asking learning questions. I’ll direct less energy on appearing professional and rather spend energy on getting better. I build Whonix which incorporates Tor but that doesn’t make me perfectly knowledgeable on the state of everything related to it such as in which countries it’s super dangerous to use.
In countries so draconian, does one already attract attention by being a Linux on the desktop user? Desktop use is less and less. Linux on desktop computer are few in numbers. Debian users then are a minority compared to Ubuntu users. Linux users are even fewer in draconian countries. So if singling out users is the goal, isn’t being a Debian at home desktop computer already so far away from mainstream people that this alone is suspicious enough?
Users of hardened debian and more so users of Whonix host are clearly users of the software by the Whonix project which is related to Tor. By following the quoted assumption, one could argue that using Whonix host and/or using hardened debian alone would put users at risk. (They’d be using Whonix repository.)
The current state of Hide Tor and Whonix ™ use from the ISP is really meager. It looks so difficult that I wonder if anyone is able to act good enough to actually hide Tor and Whonix from the ISP.
- How does a first time user in such an area learn about Tor without getting suspicious learning about Tor?
- They’ll then get TBB and private obfuscated pluggable transports (bridges), then download Whonix and set up private obfuscated pluggable transports (bridges) there too?
- Where they’ll get the private obfuscated pluggable transports (bridges) from in first place?
I find this rather unrealistic. There may be a few users which manage to pull that off but perhaps that is in the single digits area?
Also this quote makes this really shaky:
Some pluggable transports may seek to obfuscate traffic or to morph it. However, they do not claim to hide that you are using Tor in all cases but rather in very specific cases. An example threat model includes a DPI device with limited time to make a classification choice - so the hiding is very specific to functionality and generally does not take into account endless data retention with retroactive policing.
Furthermore, by adding more and more Kernel Hardening - security-misc, we could likely introduce a network fingerprint which is unique to Whonix. Do we want to be less hardened and maybe not fingerprintable as Whonix users or do we want to be more hardened and more likely fingerprintable as Whonix users?
The state of censorship circumvention in Whonix is unfortunately very limited anyhow. Anon connection wizard (frontend) is not being worked on, and the state of pluggable transports (backend) (the newest aren’t available outside of TBB anywhere as far as I know) doesn’t look better too.
The more I am thinking about it the more I am thinking “censorship circumvention may be possible but hiding Tor is unrealistic and should not be relied on”.
All of this mess makes me wonder if it would be best to tell such users “sorry, too difficult, we can’t help, go somewhere else”.