How important is it to avoid engaging in unrelated online activities in a (too) short space of time? How long should time gaps be to protect anonymity reasonably well, especially when using the same access point? I have in mind adversaries that can keep track of lots of sites and traffic.
To get anything done you can’t wait a few hours every time before reconnecting. How do you deal with this?
By “unrelated”, do you mean different sites and different contexts? User A logs into webmail to discuss baseball. User B visits a dog training forum.
With Tor, the entry point is less important than the exit point. Well, depending on your next answer…
Please be more specific about the capabilities of your adversaries. How are they tracking users? Which parts of the internet do they control?
The short answer:
Read first: https://www.whonix.org/wiki/Warning#Whonix_does_not_Separate_Different_Contextual_Identities
Most separation: https://www.whonix.org/wiki/Multiple_Whonix-Workstations
More separation: https://www.whonix.org/wiki/Advanced_Security_Guide#Multiple_Tor_Browser_Instances
Some separation: https://www.whonix.org/wiki/Tor_Browser#New_Identity_Function
Answer will be nuanced depending on your situation.
Related:
Something else to consider is stylometry.
https://whonix.org/wiki/Warning#Whonix_does_not_Defeat_Stylometry
Whonix does not Defeat Stylometry
Whonix does not obfuscate a user’s writing style. Consequently, unless precautions are taken, users are at risk from stylometric analysis based on their linguistic style. Research suggests only a few thousand words (or less) may be enough to positively identify an author, and there are a host of software tools available to conduct this analysis.
Thanks for the links everyone. I don’t believe time gaps are discussed much in the documentation here. Seems massively important, is anyone aware of other resources?
Yes, but the same person. Also public activity, like posting on forums such as this one. Here the increasing time ambiguity of posts isn’t bad, but wouldn’t day precision be enough/better?
State agencies or huge corporations. Not targeted attacks, but dragnet.
Important but separate topic.
I’m not sure what you’re looking for. It’s hard to imagine an objective study / analysis that can state that posting on a forum (for example) 12 minutes apart provides as much separation / anonymity as posting 85 minutes apart or 3 days apart. It depends entirely on context and is more of a social / behavioral issue than a technical one.
For example, every time Alice makes a post on forums.whonix.org, Bob posts exactly 1 minute later. That’s a coincidence that seems more determined every time it happens. If every Bob post is in support of Alice, then it’s even greater evidence that the two are somehow linked. How many times does this need to happen to “prove” that the two are linked? Everyone’s answer will differ. A conspiracy theorist / numerologist may conclude that Alice and Bob are linked to Charlie because they begin with consecutive letters in the alphabet.
If I’m misunderstanding, please provide a better example.
Also, read this section: https://www.whonix.org/wiki/Stream_Isolation#Introduction
I agree with entr0py. The time in between using different identities will not matter much ( if time is the only consideration). Remember, this it all relates to correlating different identities. There are certainly much bigger worries to be concerned with IMO.
Related:
https://forums.whonix.org/t/does-it-matter-when-i-connect-to-tor-network/4526
Over a long enough period of collecting data, wouldn’t it be possible to correlate the activities of someone, if they in a short space of time in sequence connected first to Tor to execute task A and then connected to the clearnet to execute task B? The sequence of tasks may even change, but would often be close in time. Tasks A and B may be expanded to a small set of common tasks. Maybe there would be no B tasks, everything would be done over Tor, but in a short time. The point is that everyone has a set of tasks that they commonly execute in a fairly short timeframe when online. This set is unique.
An observer can see that a certain IP is connecting to Tor. Internet traffic is monitored by state agencies. But I’m asking this also because there are a few very common content delivery networks and providers of other web services. They are present on a great many websites, just as state agencies may be present on many large network nodes. A good example is google. Their ads, analytics and other stuff is present on a very large part of the web. Could google gather enough information to correlate activity based only on time?
Your concerns are all valid. That’s why maintaining privacy is a holistic process. Tor only provides anonymous routing. Whonix ensures your traffic uses Tor and attempts to prevent as much fingerprinting as possible at the os level. There is no technical solution to 1. enforce user online behavior and 2. to prevent adversaries from observing public locations (or in Google’s case, their own network).
Maintaining privacy requires in addition to many other things:
These things are beyond the scope of any anonymity software.
The entire first section of the wiki is devoted to this topic. https://www.whonix.org/wiki/Documentation #Modern Privacy Threats
Tor IPs: If you use proxies or VPN after Tor (User->Tor->Proxy/VPN->Site), the site will see those IPs instead of the Tor Exit nodes’. Of course you then depend on those services not logging your traffic or worse.
Tracking usage throughout sites: disabling Javascript takes away some of the power of trackers although it is still possible to track without them. Also, using strict security settings (including deletion of cookies when you close the browser) can help. There are also add-on to specifically block trackers (Duckduckgo has one) but then you need to consider your browser’s fingerprint changes.
AFAIK this setup is mostly discouraged, because routing all your traffic through the same exit point makes you more unique.
If it’s a single exit point, of course it makes even less sense than just using Tor exit relays. But you could use many different exit points.
It will make more sense if you have a fixed and limited set of identities you need to maintain. So, perhaps a few Whonix-Workstaions, one per identity, configured differently: some using just Tor exit relays, others add specific VPNs / proxies, some use JonDonym, one goes through a VPS. Maybe even add other OS VMs and configure them to connect through Whonix-Gateway if you can do that.
Then, you can use different browsers too, for example take 10 most common browsers settings and configure your browsers accordingly.
Naturally such a complex system will increase the chance for mistakes and misconfigurations, so that’s another thing to keep in mind.