I’m using Whonix over a vpn. I would like to know if a third observer can see when I’m using my pc or not only by analyzing my network data exchanges.
I assume the third observer doesn’t have access to my machine of course in any possibile way (physical, backdoor, rootkits, bugs etc), otherwise evreything becomes possible.
A network level adversary can see what time you’re connected to your VPN at and when you disconnect. From this, they can determine when you’re using your pc. This can be solved by just leaving your pc on overnight still connected to the VPN. Maybe create a script to make a few random connections so the adversary doesn’t see a major drop in network usage.
Since adversaries can see which website is being visited even though using a VPN or SSH, even though they don’t know all the traffic in plaintext, it is easy to guess that they can also guess the type of traffic being generated.
I wouldn’t wonder if “user is really using the internet” is easily distinguished from “automated activity”. Users have unique patterns. Automation has too. User patterns change a bit but automated ones are very predictable. This looks more like a whack a mole, who takes more effort, who’s more dedicated, and not certainty for the one trying to hide activity than a resilient solution.