Why you can't hide TOR usage from ISP?

How exactly the ISP finds out that you are using TOR even if they can’t identify the TOR entry node?. How pluggable transports bypass censorship of TOR if the ISP can identify TOR traffic no matter what you do?.

The ISP can analyze the traffic to discover Tor usage.

1 Like

from what I understand from the technical discussion is that the ISP can see there is something ‘suspicious’ in the user when he/she have all the traffic directed into one IP and doesn’t look like a regular windows user with a lot of different communications with other things like Microsoft. But isn’t it the same with ‘regular’ users that use VPN and direct all of their traffic through a VPN?. How the ISP can tell if you are a TOR user or someone who use VPN or TOR over VPN?.

Read the posts again. Tor traffic is unique and can be identified, hence why pluggable transports are sometimes needed rather than just an ordinary bridge. VPNs don’t protect against website traffic fingerprinting.

Why you can’t hide TOR usage from ISP?

Well, it’s a loaded question. You already assume that’s the case. But if you write a loaded question, how did you come to that conclusion? If it was from Hide Tor use from the Internet Service Provider then it would be useful to reference that. But if you know that page already, then what exactly isn’t clear? Please quote specific passages which are unclear.

Let’s assume VPN’s wouldn’t be vulnerable to website traffic fingerprinting. (Which isn’t the case.)

Hiding Tor means: you don’t want to stand out. But if using Tor isn’t OK, why would using a VPN be OK?

website traffic fingerprinting

1 Like

The article in the link talked about the possibility of the ISP save and analyze your traffic in the future and the ability to guess the site you are using by looking at some patterns in the traffic. but it isn’t some kind of a unique fingerprint that no other site can have(especially if it is a simple site) and it can change in different scenarios.

Tor traffic is unique and can be identified, hence why pluggable transports are sometimes needed rather than just an ordinary bridge

If you can make TOR traffic into something that is no longer unique you are still hiding your TOR usage if the ISP can only guess if you are just using VPN or TOR with VPN. VPN is a more ‘legitimate’ thing than TOR which has a reputation of something only pedophiles and criminals use.

I think the articles in this website should point out the possible vulnerabilities in methods for hiding TOR usage but saying that people should completely give up on hiding their TOR usage just because you can’t look like the majority of windows users will just prevent people from doing what they can do to hide their TOR usage and be part of a more general group of VPN users. There is safety in numbers and you should make yourself look like part of a bigger group of users(like VPN users) even if they are not the majority.

Hide Tor use from the Internet Service Provider is doing that.

We didn’t say that.

We currently write:

It is impossible to Hide Tor use from the Internet Service Provider (ISP). It has been concluded this goal is difficult beyond practicality.

What’s the point of hiding a little bit?

It’s already clear that VPNs cannot hide what type of traffic such as Tor is inside. → website traffic fingerprinting

website traffic fingerprinting sounds actually confusing. It’s fingerpriting to the level of knowing which website you visit which is already a very fine grained information. Detecting type of traffic is far easier to classify then detecting what’s even inside web browsing traffic.

This assumes that VPNs aren’t vulnerable to website traffic fingerprinting and that using a VPN causes less trouble than Tor which is also not proven.

Also Tor Project offers pluggable transports not for hiding Tor but censorship circumvention.

Then that page also notes endless data retention and retroactive policing.

Could easily backfire and join a group classified as VPN + Tor rather than just 1 of the two.

As Tor Project used to write https://www.webcitation.org/6EUyWNl4n

Use bridges and/or find company

Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you’re using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

What’s the point of hiding a little bit?

It’s already clear that VPNs cannot hide what type of traffic such as Tor is inside. → website traffic fingerprinting

website traffic fingerprinting sounds actually confusing. It’s fingerpriting to the level of knowing which website you visit which is already a very fine grained information. Detecting type of traffic is far easier to classify then detecting what’s even inside web browsing traffic.

In website traffic fingerprinting the ISP can only guess and this is the word the article about “VPN/SSH Fingerprinting” used and this is probably after analyzing a website that might generate some complicated traffic. There are also variations within every sites with different pages that can change. The ISP can’t analyze every website and find unique features in all of them, especially with something like obsf4 pluggable transport that do some obfuscation of the traffic volume.

Endless data retention dosn’t necessarily means that the ISP can detect any TOR user.

The quote about TOR bridges said that you can reduce the risk of someone like the ISP finding out that you are using TOR by using a bridge and that TOR prevents attackers from finding out what websites you visit.

Even if pluggable transports are not designed specifically to hide TOR usage that dosn’t mean they can’t be used for that. They work by making TOR traffic to look like something else.

recent development:
this sub forum was closed, see: general Tor and anonymity talk forum deactivated

The Whonix project completed its research on subjects such as

  • hiding Tor, and
  • using Tor in combination with VPNs.

Conclusions and project position can be found here:

It’s time to move on.

I am interpreting this as a Whonix documentation bug report.

Whonix ™ developers will normally only respond if they are convinced an actual technical, privacy or security-related problem has been identified.

In the past, Whonix ™ developers provided answers to a wide range of reported oddities, such as console output messages that were difficult for users to understand. Unfortunately this level of attention is no longer possible, for reasons outlined in this chapter. Effective December 1, 2018, the policy concerning responses to support requests and concerns had changed.

Read more here:
Bug Reports, Software Development and Feature Requests

I don’t have time for such debates and neither time for supervising a forum being active on too many Whonix-unspecific subjects. (personal liablity)

Since such discussions are unspecific to Whonix. Whether it is possible or not that one can hide Tor and/or if VPNs are of any use, everyone is free to do their own research, have their own opinion and come to their own best way to deal with it. But it has little to do with Whonix which is a research and implementation project that implements Tor but not the Tor Project or anonbib.

For these reasons, from now on these subjects must to be discussed elsewhere as per free support principle.

If there was serious research on that subjects (anonbib or some other serious write-up that considers existing research), then these subjects could be re-considered.

Closing.

1 Like