the five manipulation eyes (theoritical)

i was thinking last night of a theoretical protection against the ISP sniffing or reduce the attacker threat to my connection. so i have an idea but i dont know if its going to work , but here it is:-

if we can have more than one Tor connection on a different VMs inside Qubes let say five , which r all opened together at the same time or gradually and including my connection among one of them. in another word:-

1- Tor VM (not mine)
2- Tor VM (not mine)
3- Tor VM (my connection)
4- Tor VM (not mine)
5- Tor VM (not mine)

wouldnt that increase our anonymity by increasing the surface of connectors points to Tor? (which for sure one of these connections r my real connection but i dont have one connection only , instead i have five and im only using one).

to make this more efficient to use theory:-

1- the manipulated virtualmachines are not in a true storage , but it only need a fixed storage which mean we need only disposable non-persistent storage (amnesic).

2- these manipulated virtualmachines WONT be useable by human. they are there just for the sake of its purpose. which will give us the opportunity to put these virtualmachines in the lowest consuming resources (RAM , Processor …etc) so no files or media players or …etc (so even low storage).

3- to harden these virtualmachines we can make the design of whonix (mini-whonixes) to be used from these VMs:-

Note:- we can use this design in case that just opening Tor wont manipulate anything , but if we open Tor + TBB and surfing X or Y website then we will have this method/theory to work.

(X , Y , Z ,V = just random websites.)

1- GW (Tor) - WS (TBB + X website) (disposable VM)
2- GW (Tor) - WS (TBB + Y website) (disposable VM)
3- GW (Tor) - WS (TBB + my surfing) (normal VM)
4- GW (Tor) - WS (TBB + Z website) (disposable VM)
5- GW (Tor) - WS (TBB + V website) (disposable VM)

…etc from hardening things we can put inside this theory. but i dont know if its going to be effective or not , and what will the ISP see when we apply this.

Nice idea. Couple points…

  1. Easy to implement in Qubes
    Multiple Whonix-Workstation ™

  2. Depends on threat model. Worried about Gateway compromise? ISP sniffing? Tor compromise in general (Compromised entry/exit nodes)? Explained in doc link…

  3. For ISP case: Your ISP already knows you use Tor. Would you rather they knew you use 5 sets of Tor Entry Guards? How many ISP accounts connect to 5 (or whatever) Tor entry nodes? Might not matter, or might be interesting enough for your adversary to put a white van outside your house…

Why should they have issues breaking 5 connections if they learned how
to break one?

5 is much too small a number to make that computationally harder. And
you cannot make as many connections to make it that hard so it does matters.

The attacks that I have in mind like end-to-end correlation attacks
should work either way.

These other Tor connections would also have to send dummy traffic.
Otherwise it would be clear which Tor connections are just idle and
which actually generate traffic.

Related:

https://forums.whonix.org/t/idea-proposal-of-a-fake-workstation

Why should they have issues breaking 5 connections if they learned how to break one?

because that one not necessary mean u. it might be one of the fake connections.

The attacks that I have in mind like end-to-end correlation attacks should work either way.

yeah it should , because this idea is not solving this attack. but it will solve other attacks like for example sniffing attacks , or using manipulated pages for sign in and …etc. so we will lower the opportunity of the attack to keep focus on one point of anonymity which my surfing and instead we make it five points of connections = making it 4x to 5x harder.

These other Tor connections would also have to send dummy traffic.
Otherwise it would be clear which Tor connections are just idle and
which actually generate traffic.

yeah sure. and this idea, the workers on it (if we assume it is going to work) will have away to find out how to make them all look-a-like.

should i mention this to Tor community ? btw i have mailed them couple days ago (different subject) , but they didnt answered me. is the place “trac” fine for theoretical ideas ?

Idea proposal of a "Fake-Workstation"

yeah this idea argument will be on the fingerprints , but my suggestion is all about Tor connections.

Sniffing ISP between user and Tor entry guard/bridge is equally worthless for 1 and for 5 connections. Sniffing of unencrypted traffic at Tor exits does not get significantly harder. You likely would not leave the Tor network at the same exit multiple times. And even if you did, I don’t see how it would help. Such attacks are run more or less automatically. That would eat minimally more cpu and ram. Unmeasurable small.

Yes. Such ideas are much better developed upstream. Trac can be fine. tor-talk mailing list may be better. If they don’t find the idea to be compellingly well written and understandable, it’s most likely ignored. Bonus points if you have an existing reputation or data to substantiate.

ok perfect created a new ticket:-

let us c what they gonna say…

i would call this:-

“hardening the five manipulation eyes”

with this design if im getting it correctly , it will be very hard to make a conformational attack or at least very hard also to compromise the GW.

The explanation:-

  • in this design what i added is , the GW is not just amnesic to the point that it would be shut downed manually e.g. “sudo poweroff” but here it will be automatic shutdown.

the five disposable VMs will be connected to the WS , but in fact they wont be working together how?

if u c the refresh icon :arrows_counterclockwise: it means the DisposableVM is turning OFF and going to be ON after few minutes. while others r still working , and by this we get:-

continuing connection , and anti-compromisation because the disposableVM will keep shutting shutdown itself and start from point 0.

so the green lines means the disposableVM is working, and red lines means disposableVM is refreshing itself by turning on/off itself from time to time.

i dunno if my guess is right or wrong , but i will also contact the upstream about this.

uploaded to the upstream:-

I have another strange idea, in the meanwhile of our surfing we can set a VM like Tor relay, so the time stamp attack and fingerprint will be much hard . It’s an idea, I think we will need two gateway and two VM … In this case, we will also help the Tor network :slight_smile: .
The method of five VM is useless for me, the ISP could see our five entry node and of course we are suspicious .

Not necessary, the real problems, out of the solutions found in this thread, are that in the Tor network there is a little number of nodes, they aren’t sufficient .
I red a mathematician study and I’m very surprised the precision of this test and the weakness of Tor, but I’m not an expert, so my word has minimum heavy …
However, can anyone consider my idea of run a tor relay in the meanwhile of our activity on internet ? Yes it could make slow our connection but in tails for example we can set the amount of bandwich, or if you love the line of code you can set this on file, I think :slight_smile: .
So, I don’t see the problem from security perspective, maybe for nood ( like me :smiley: but not much ) it will be a problem but there are us .

I red a mathematician study and I’m very surprised the precision of this test and the weakness of Tor

not sure i got what u mean , who said Tor is weak ?

can anyone consider my idea of run a tor relay in the meanwhile of our
activity on internet ? Yes it could make slow our connection but in
tails for example we can set the amount of bandwich, or if you love the
line of code you can set this on file, I think

u mean like I2P ? each Tor user should be relay ?. if so then , this idea is considered rejectable form Tor community.

I lost the paper but there’s a study on this, it refers to the facility to track someone over Tor, so when you surf the clear net . Behind Tor the securiy is higher .

I didn’t mean like I2P, but run a relay in the meanwhile we are surfing, two separates OS .
Is it a bad idea ?

I didn’t mean like I2P, but run a relay in the meanwhile we are surfing,

well thats how I2P works. but not Tor.

I didn’t mean like I2P, but run a relay in the meanwhile we are surfing, two separates OS .
Is it a bad idea ?

Mmm, in fact the problem will be my firewall, but if we tunnel all traffic through a VPN first for example, the firewall won’t be a problem, always considering a second OS dedicated like relay .
Unless my VPN for example, my firewall would block all the relay traffic, I will find a solution :slight_smile: .