Any quote which makes you conclude that?
If the relay doesn’t support it then what benefit would it have?
It already does send padding cells if possible.
Most relays would use padding anyway unless they’re on a very outdated version of Tor.
Perhaps more defensive against an adversary external to the Tor network, while not effective inside Tor if the relay doesn’t support it.
Wouldn’t an adversary see a few users sending those cells compared to the many others who don’t send them? Wouldn’t that decrease anonymity for those that do?
An adversary in that position (running Tor nodes) can do a lot more damage than just that. We have a position to increase security even if it will make Whonix users stand out more; think of all the kernel hardening and its effects on the network.
There is middle hop pinning too that helps against guard enumeration attacks. Don’t know if that’s optional or not; if it is, let’s do it.
If it is like that, what would be the Tor Project’s rationale for adding such a feature?
An adversary doesn’t need to run Tor nodes to see the cells. They can monitor the packets sent from X IP to X Tor node. Because most Tor users likely won’t force them this means the ones that have enabled this option will send more packets to relays that don’t support it than other Tor users, singling that user out.
Not sure. There are many other options that can decrease security too.
AFAIK connections to Tor relays are encrypted and opaque to outside observers. The cell signalling is only visible to Tor relays that act upon them. For example HS negotiation commands are not visible to your ISP but to relays which honor the request.
Newnym not a good example.
Newnym does not require the cooperation of any Tor relay. It is a command understood by the Tor process which results in building another circuit for subsequent connections, except already established long-running connections (such as IRC).
But wouldn’t an adversary notice a difference in the intervals between sending packets or would that also be hidden?
Wouldn’t forcing them still bring no benefit and potentially single you out from the viewpoint of the entry node?
You said it may be helpful to adversaries external to Tor but you also said they couldn’t see the cells? How would that work?
If by adversary you mean ISP (outside Tor) then no, because Tor cells have always been externally padded. The new work is focused on protecting users from rogue actors in the network.
Yes users with the non default setting will stand out to the entry guard, but there are more bad things it can do and there are more ways to figure out one is a Whonix user.
The cells have always been padded and encrypted so external observers can’t see what’s inside them.
Nonetheless if you think this is important enough please ask upstream for an opinion. I am not an expert by any means.
This isn’t applied by default so only a few Whonix users will use it, this puts them into a much smaller subset. The problem isn’t finding out they’re a Whonix user.
I know they can’t see inside them but can’t they see differences in network traffic from other Tor users?
And hence not
Next step required:
Asking The Tor Project about this.
Could you work on this one please? @HulaHoop
It’s for protection from external observers. Anyone watching a client to entry nodes should not be able to tell that the padding is forced. It does not apply as protection from relays.
Posted to tor-talk; will link when it is approved.
@HulaHoop - your follow up answer (looks like setting connection padding to 1 doesn’t make any difference)
On Sat, Aug 8, 2020 at 3:59 PM procmem at riseup.net wrote:
> Hi. I was wondering if setting the connection padding setting in torrc
> to 1 instead of auto has any benefit in protecting against a passive
> adversary outside the Tor network.
I don’t think it’ll have much effect? The “auto” option means “pad
when padding is negotiated”; the “1” option means “pad even if the
relay doesn’t have padding support.” But all currently supported
relay versions ought to have padding support, so there shouldn’t be a
difference, in theory.
If I understand correctly (and Mike could correct me here), in its
current form, the ConnectionPadding option helps against ISPs who are
using common flow-logging settings on their internet routers, or
against after-the-fact adversaries who get access to these logs later
on. It isn’t so useful against an adversary who has set up better
logging in advance.
(Mike, did I get this right?)
PS Good job on the Thunderbird email stuff.
I want to clarify that Connection Padding shouldn’t be confused with CircuitPadding. The latter is meant to protect against Tor-relay adversaries while the former is about frustrating ISP analysis.