Tor ConnectionPadding

The Tor connection padding part in the Whonix-Gateway Security page should be removed or redone.

It says that setting it to 1 helps against traffic analysis attacks and the System Hardening Checklist says that it improves anonymity but this isn’t true. Connection padding is enabled by default with the “auto” option. This makes it send padding cells if the client and relay support it. Setting it to “1” will make it send it anyway which is basically useless as the relay doesn’t support it.


I doubt there will be any benefits by setting it to 1.


Any quote which make you conclude that?

1 Like

If the relay doesn’t support it then what benefit would it have?

It already does send padding cells if possible.

Most relays would use padding anyway unless they’re on a very outdated version of Tor.

1 Like

Perhaps more defensive against an adversary external to the Tor network, while not effective inside Tor if the relay doesn’t support it.


Wouldn’t an adversary see a few users sending those cells compared to the many others who don’t send them? Wouldn’t that decrease anonymity for those that do?


An adversary in that position (running Tor nodes) can do a lot more damage than just that. We have a position to increase security even if it will make Whonix users stand out more think all the kernel hardening and its effects on the network.

There is middle hop pinning too that helps against guard enumeration attacks. Don;'t know if that;s optional or not, if it is let’s do it.


If like that. What would the Tor Project’s rationale of adding such a feature?

1 Like

An adversary doesn’t need to run Tor nodes to see the cells. They can monitor the packets sent from X IP to X Tor node. Because most Tor users likely won’t force them this means the ones that have enabled this option will send more packets to relays that don’t support it than other Tor users, singleing that user out.

Not sure. There are many other options that can decrease security too.

1 Like

AFAIK connections to Tor relays are encrypted and opaque to outside observers. The cell signalling is only visible to Tor relays that act upon them. For example HS negotiation commands are not visible to your ISP but to relays which honor the request.

Newnym not a good example.


Newnym does not require the cooperation of any Tor relay. It is command understood by the Tor process which results in building another circuit for subsequent connections, except already established long-running connections (such as IRC).


But wouldn’t an adversary notice a difference in the intervals between sending packets or would that also be hidden?

Wouldn’t forcing them still bring no benefit and potentially single you out from the viewpoint of the entry node?

You said it may be helpful to adversaries external to Tor but you also said they couldn’t see the cells? How would that work?

1 Like

If by adversary you mean ISP (outside Tor) then no becuase Tor cells have always been externally padded. The new work is focused onprotecting users from rogue actors in the network.

Yes users with the non default setting will stand out to the entry guard, but there are more bad things it can do and there are more ways to figure out one is a Whonix user.

The cells have always been padded and encrypted so external observers can’t see what’s inside them.

Nonetheless if you think this is important enough please ask upstream for an opinion. I am not an expert by any means.


This isn’t applied by default so only a few Whonix users will use it, this puts them into a much smaller subset. The problem isn’t finding out they’re a Whonix user.

I know they can’t see inside them but can’t they see differences in network traffic from other Tor users?

And hence not :slight_smile:

1 Like

Next step required:

Asking The Tor Project about this.