TCP linux-hardened fingerprinting

The negative of having TCP timestamps disabled (and other default TCP kernel options), especially in Gateway, is the fingerprinting of linux-hardened users.

This is mainly problematic in Gateway, since it is able to tie IPs to Whonix users by time sources, guard node or apt mirrors, but it is also able to fingerprint Workstation to a lesser degree.

This should be re-enabled, but I would love to be proven wrong.

And what’s the point of this?

Network, Browser and Website Fingerprint chapter, ISP or Local Network Administrators, in the Whonix wiki.
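To make the fingerprinting point concrete, here is an added example (not Whonix, Kicksecure or linux-hardened code) of what a passive ISP-level observer can extract from a single TCP SYN: the ordered list of TCP options. The three SYN segments are constructed by hand, and their option layouts are assumptions based on commonly observed defaults: a stock Linux client (net.ipv4.tcp_timestamps=1), the same client with timestamps turned off, and a stock Windows 10 client, which sends no timestamp option in its SYN. The point the example shows is that removing the timestamp option does not make the Linux host look like Windows; it produces a third, distinct layout.

```python
"""Passive TCP SYN option fingerprinting, as seen by an on-path observer.

Added example, not project code. Packets below are constructed inline and
the option layouts are assumptions modelled on commonly observed defaults.
"""
import struct

# TCP option kinds (RFC 793, RFC 2018, RFC 7323).
OPT_EOL, OPT_NOP, OPT_MSS, OPT_WS, OPT_SACK_OK, OPT_TS = 0, 1, 2, 3, 4, 8
KIND_NAMES = {OPT_NOP: "nop", OPT_MSS: "mss", OPT_WS: "ws",
              OPT_SACK_OK: "sok", OPT_TS: "ts"}


def parse_tcp_options(segment: bytes) -> list:
    """Return the ordered (kind, data) list from a raw TCP segment."""
    data_offset = (segment[12] >> 4) * 4      # TCP header length in bytes
    opts = segment[20:data_offset]
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:                   # end of option list
            break
        if kind == OPT_NOP:                   # single-byte option
            out.append((kind, b""))
            i += 1
            continue
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed TCP option")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def option_signature(segment: bytes) -> str:
    """p0f-style layout string such as 'mss,sok,ts,nop,ws'."""
    return ",".join(KIND_NAMES.get(k, f"?{k}") for k, _ in parse_tcp_options(segment))


def has_timestamps(segment: bytes) -> bool:
    return any(k == OPT_TS for k, _ in parse_tcp_options(segment))


# Assumed signature table (layouts are assumptions, not a vendored database).
SIGNATURES = {
    "mss,sok,ts,nop,ws": "Linux, tcp_timestamps=1 (default)",
    "mss,nop,nop,sok,nop,ws": "Linux, tcp_timestamps=0 (hardened profile)",
    "mss,nop,ws,nop,nop,sok": "Windows 10/11 (no timestamp option by default)",
}


def classify(segment: bytes) -> str:
    return SIGNATURES.get(option_signature(segment), "unknown")


def build_syn(options: bytes, window: int = 64240) -> bytes:
    """Construct a minimal TCP SYN segment carrying the given option bytes."""
    while len(options) % 4:                   # header must be 32-bit aligned
        options += bytes([OPT_EOL])
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0,
                         data_offset << 4, 0x02, window, 0, 0)   # flags=SYN
    return header + options


def _mss(v): return bytes([OPT_MSS, 4]) + struct.pack("!H", v)
def _ws(v): return bytes([OPT_WS, 3, v])
def _ts(tsval, tsecr=0): return bytes([OPT_TS, 10]) + struct.pack("!II", tsval, tsecr)
SOK, NOP = bytes([OPT_SACK_OK, 2]), bytes([OPT_NOP])

# Constructed sample SYNs (assumed layouts).
LINUX_DEFAULT_SYN = build_syn(_mss(1460) + SOK + _ts(123456) + NOP + _ws(7))
LINUX_NO_TS_SYN = build_syn(_mss(1460) + NOP + NOP + SOK + NOP + _ws(7))
WINDOWS_SYN = build_syn(_mss(1460) + NOP + _ws(8) + NOP + NOP + SOK)


def local_timestamp_setting(path="/proc/sys/net/ipv4/tcp_timestamps"):
    """Read the running kernel's setting; returns None when not on Linux."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except OSError:
        return None


if __name__ == "__main__":
    for name, pkt in [("linux default", LINUX_DEFAULT_SYN),
                      ("linux no ts", LINUX_NO_TS_SYN),
                      ("windows", WINDOWS_SYN)]:
        print(f"{name:14} {option_signature(pkt):24} -> {classify(pkt)}")
    print("local tcp_timestamps:", local_timestamp_setting())
```

Two practical notes. First, the timestamp option itself is what the hardened setting removes: its tsval is a per-host counter that an observer can correlate across connections and use for uptime and clock-skew estimation, which is the reason for disabling it. Second, window size, TTL and window scale values differ between the three samples as well, so even an identical option order would not be enough to pass as Windows; that is the "optimization conflict" discussed later in the thread.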

No.


It’s an optimization conflict.

  • A) Either the main goal can be to emulate the network fingerprint of Windows 10 / 11, or whatever the currently most popular Windows version is. And this is very likely impossible without using the actual Windows code, which we stay away from for many reasons.
  • B) Optimize security and anonymity at the expense of ISP-level network fingerprinting, which is already a lost cause.

You cannot be anonymous without being secure. The project decision was made to prefer security over ISP-level network fingerprinting obfuscation attempts.

The related wiki page is this one:

There are at least two categories of projects.

  • A) Anonymity: Projects that prioritize anonymizing internet traffic.
  • B) Circumvention: Projects that prioritize hiding internet traffic, circumventing ISP-level censorship, and resisting ISP-level network fingerprinting.

Whonix is primarily in category A).

A) is already a hard problem to tackle.
B) is even harder, if not impossible.

I am not even aware of any projects in category B). Such software could even be developed independently from Whonix and Tor.

I am not aware of any software solutions provided for such extreme threat models. The sad, hard truth is that at some point non-technical issues cannot be worked around with technical products.

I’ve seen using Tor in such threat models discussed a few times, and I can understand why anyone would get the idea, but it’s conjecture. If you have a look at the following ticket, you’ll see that The Tor Project is not prioritizing working under such a threat model either:


Typo. Edited above. Meant to write:
It’s an optimization conflict.
It’s not possible to optimize for both at the same time.