[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Tor and clearnet traffic


#1

I read somewhere on the docs here that one shouldn’t mix Tor and clearnet traffic, for example use Tor browser in the VM and Firefox on the host, at the same time. It is especially risky if we connect to the same site, but also if browsing different sites, because they may be on the same cloud service, or trackers such as google’s may be installed in both sites and easily correlate the traffic.

But, since sites see our access point’s IP, should this rule apply not only to activities done on the same machine, but also to all the devices on the network? so, we shouldn’t use Tor if any other device on our network uses clearnet?

This seems like a very difficult challenge. Means - no Tor in workplace? no mobile phones allowed to connect to our network? no Tor in public wifi?


#2

chicken:

I read somewhere on the docs here that one shouldn’t mix Tor and clearnet traffic, for example use Tor browser in the VM and Firefox on the host, at the same time. It is especially risky if we connect to the same site, but also if browsing different sites, because they may be on the same cloud service, or trackers such as google’s may be installed in both sites and easily correlate the traffic.

here:

But, since sites see our access point’s IP, should this rule apply not only to activities done on the same machine, but also to all the devices on the network? so, we shouldn’t use Tor if any other device on our network uses clearnet?

Yes.

This seems like a very difficult challenge. Means - no Tor in workplace? no mobile phones allowed to connect to our network? no Tor in public wifi?

Yes.


#3

OK. So also traffic initiated automatically by the host should probably fall to this category.

Any tips or resources how to monitor and minimize such traffic? I’m not talking about windows (lost cause). Say in linux.


#4

Can’t this argument be extended arbitrarily, for example to ISP level? A website could throttle the traffic of all addresses belonging to a certain ISP. A really strong attacker could try to correlate traffic by country, region, town or street this way.


#5

Yes -> https://www.whonix.org/wiki/Warning#Confirmation_Attacks