With the recent allegations of monitoring of @torproject entry nodes by #German agencies to identify users with "timing analyzes" (https://www.tagesschau.de/investigativ/panorama/tor-netzwerk-100.html), I've been looking for protections against this sort of attack if it proved to be feasible. The best solutions would obviously be more entry nodes with Entry Guard and rejection of mass internet surveillance, but as a second-best/intermediate option for users, using a #Tor-connected OS, specifically @whonix, instead of just using the browser from a normal clearnet-connected host, would provide adequate protections.The OSes connect to a static entry node (using Tor
... show moreWith the recent allegations of monitoring of @torproject entry nodes by #German agencies to identify users with "timing analyzes" (https://www.tagesschau.de/investigativ/panorama/tor-netzwerk-100.html), I've been looking for protections against this sort of attack if it proved to be feasible. The best solutions would obviously be more entry nodes with Entry Guard and rejection of mass internet surveillance, but as a second-best/intermediate option for users, using a #Tor-connected OS, specifically @whonix, instead of just using the browser from a normal clearnet-connected host, would provide adequate protections.The OSes connect to a static entry node (using Tor Entry Guard) independent of the browser or other applications. The Tor browser on the client then connects to their own rotating entry node, distributing the entry points and increasing the likelihood that the owners are separate entities.
Do note that this does not automatically provide additional protections for non-Tor apps installed on the client, though they may still have standard protections through the Tor network as part of Stream Isolation (https://www.whonix.org/wiki/Stream_Isolation). Also note that #Tails does not provide additional protections, since they do not use Tor Entry Guard protections (https://gitlab.tails.boum.org/tails/tails/-/issues/11732).
Thanks to @yawnbox for his corrections.
#Privacy #security #CyberSecurity #surveillance
Das Tor-Netzwerk gilt als wichtigstes Werkzeug, um sich anonym im Internet zu bewegen. Behörden haben begonnen, es zu unterwandern, um Kriminelle zu enttarnen. In mindestens einem Verfahren waren sie erfolgreich. Von R. Bongen und D. Moßbrucker.
Robert Bongen (tagesschau.de)