oxen-io / lokinet

Lokinet is an anonymous, decentralized and IP based overlay network for the internet.
https://lokinet.org/
GNU General Public License v3.0

Fingerprinting #96

Open neuroscr opened 5 years ago

neuroscr commented 5 years ago

So I was thinking about our discussion about using a VM and fingerprinting last week and just realized if we do all use the same VM, then it's VERY easy for ISPs to filter traffic from our fingerprint out. Maybe having different OS fingerprints is best (at least for the routers/relays).

Please discuss in this ticket.

majestrate commented 5 years ago

On Mon, Dec 03, 2018 at 07:49:04PM -0800, Ryan Tharp wrote:

> So I was thinking about our discussion about using a VM and fingerprinting last week and just realized if we do all use the same VM, then it's VERY easy for ISPs to filter traffic from our fingerprint out. Maybe having different OS fingerprints is best (at least for the routers/relays).

This is true, I did not consider that aspect. I am not sure how much of an impact it will have since the traffic visible to the ISP is uniform (fixed encrypted chunks sent over uTP) but traffic shape heuristics could be fingerprinted (maybe). The reason for using uTP is to make it eventually have an identical fingerprint to uTorrent.

> Please discuss in this ticket.


KeeJef commented 5 years ago

> The reason for using uTP is to make it eventually have an identical fingerprint to uTorrent.

Is this desirable? uTorrent and the uTP packet structure seem likely to be blocked via deep packet inspection in the future. Are there lots of other applications that use uTP? I guess if blocked we could run packets through an existing obfuscator like OBFS4.

majestrate commented 5 years ago

On Wed, Dec 05, 2018 at 08:37:29PM -0800, Kee Jefferys wrote:

> > The reason for using uTP is to make it eventually have an identical fingerprint to uTorrent.
>
> Is this desirable? uTorrent and the uTP packet structure seem likely to be blocked via deep packet inspection in the future. Are there lots of other applications that use uTP? I guess if blocked we could run packets through an existing obfuscator like OBFS4.

The idea is if they block it at the protocol level they also would block BitTorrent; in China that'd be a huge freaking deal.


liilac commented 5 years ago

> On Wed, Dec 05, 2018 at 08:37:29PM -0800, Kee Jefferys wrote:
> > > The reason for using uTP is to make it eventually have an identical fingerprint to uTorrent.
> >
> > Is this desirable? uTorrent and the uTP packet structure seem likely to be blocked via deep packet inspection in the future. Are there lots of other applications that use uTP? I guess if blocked we could run packets through an existing obfuscator like OBFS4.
>
> The idea is if they block it at the protocol level they also would block BitTorrent; in China that'd be a huge freaking deal.

I think obfs4 support should be strongly considered. Assumptions such as this neglect to consider the diversity of users.

majestrate commented 5 years ago

On Sat, Dec 08, 2018 at 09:32:42PM -0800, Lilac wrote:

> > On Wed, Dec 05, 2018 at 08:37:29PM -0800, Kee Jefferys wrote:
> > > > The reason for using uTP is to make it eventually have an identical fingerprint to uTorrent.
> > >
> > > Is this desirable? uTorrent and the uTP packet structure seem likely to be blocked via deep packet inspection in the future. Are there lots of other applications that use uTP? I guess if blocked we could run packets through an existing obfuscator like OBFS4.
> >
> > The idea is if they block it at the protocol level they also would block BitTorrent; in China that'd be a huge freaking deal.
>
> I think obfs4 support should be strongly considered. Assumptions such as this neglect to consider the diversity of users.

I don't think relying on just 1 technology is a good idea, I am not opposed to such use of things like obfs4. I think that if you're in a bad network you should use the (yet to be designed and implemented) cascading bridge infrastructure with protocol obfuscation for sure and should absolutely not be connecting directly to a service node. In that case it's about blending in with other traffic, not just making the traffic a uniform random, as that may stick out really bad.


liilac commented 5 years ago

Offering multiple options is fine, I was criticising the suggestion that it's out of scope, which I feel undermines the usefulness of the technology, making it more dangerous to use for some users.

Also, there's precedent for uTP blocking via DPI even in Western countries like the US and Australia.

liilac commented 5 years ago

The Whonix development community is likely to be a valuable resource here.

They have a lot of stuff on their wiki, and I'm sure most project members would be keen to offer advice on this topic. Is reaching out to them of interest?

Thoughts @majestrate @neuroscr ?

Relevant wiki page: https://www.whonix.org/wiki/Fingerprint

Related wiki pages:

majestrate commented 5 years ago

On Mon, Dec 10, 2018 at 06:26:47AM -0800, Lilac wrote:

> The Whonix development community is likely to be a valuable resource here.
>
> They have a lot of stuff on their wiki, and I'm sure most project members would be keen to offer advice on this topic. Is reaching out to them of interest?

very yes.

> Relevant wiki page: https://www.whonix.org/wiki/Fingerprint
>
> Related wiki pages:
