Traffic limiting


I would like to find out if it is possible or easy to limit bandwidth, either per workstation or socksport-transport.

For example, if there were a GUI application on the Gateway to set a bandwidth limit per port (applications or workstations), this would be awesome.

My main goal is to slow down some applications or Tor browsers so as to make my Tor traffic harder for traffic analysis. Let’s say I want to update my Tor Browser: when the bandwidth is unlimited, it would be quickly downloaded based on the connection, and that makes it easy to guess I downloaded something like a Tor Browser. Replace Tor Browser here with anything, for example downloading Whonix images. If I don’t regularly download big files but only Whonix images, it could be easy to guess I’m a Whonix user. Like a big download 1-2 days after each Whonix release. Of course, partial updates might solve this problem.

If I could slow down a port on the gateway, the download would take longer, which both makes it harder to guess what you are doing or downloading and creates a constant and longer noise which would benefit any other activity in the background, like regular web surfing.

Nobody seems to need or care about real anonymity, which is Tor plus protection against traffic analysis.

Nobody is an exaggeration. Some people do.

Not sure what you expect. This is one good suggestion among many. iptables already supports traffic shaping. If you learn how to do this, it should be easy to add to Whonix’s firewall.

Defense against traffic analysis isn’t simple. Subject to scientific research:

After reading a lot of papers from anonbib, I am not sure traffic limiting would help against traffic analysis. Anonbib has lots of great ideas, such as Alpha-Mixing and much more. Please don’t be mad at me for not being able to implement them.

The bigger problem is that too many people have a “someone else should do it” mindset.

Libre Software is a do-ocracy. There is an abundance of great ideas, but a scarcity of people willing to implement them.

Expecting the Whonix community to quickly implement your suggestion is a bit unfair. Why accuse those who do try to improve anonymity of being lazy when a lot of others do nothing at all about it?

idea | action
Better iptables documentation? -> go for it
No iptables GUI with traffic shaping? -> go for it
Tor is too weak? -> start funding and organizing a competitor

If not you and now, who and when…

