[Whonix-devel] VPN's and SSH's not as good for hiding Tor traffic?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

(This is a general issue. Not an issue caused by Whonix.)

Using a VPN or SSH neither doesn't provide strong guarantees of hiding your the fact you are using Tor from your ISP. VPN's and SSH's are vulnerable to an attack called Website traffic fingerprinting ^5^. Very briefly, it's a passive eavesdropping attack, although the adversary only watches encrypted traffic from the VPN or SSH, the adversary can still guess what website is being visited, because all websites have specific traffic patterns. The content of the transmission is still hidden, but to which website one connects to isn't secret anymore. There are multiple research papers on that topic. ^6^ Once the premise is accepted, that VPN's and SSH's can leak which website one is visiting with a high accuracy, it's not difficult to imagine, that also encrypted Tor traffic hidden by a VPN's or SSH's could be classified. There are no research papers on that topic.

As another issue that may apply, people who need to hide Tor, may also not want to be associated with other encrypted traffic such as traffic from VPN's or SSH's. So in many cases, recommending another kind of encrypted traffic (VPN or SSH) to hide encrypted traffic one wants to hide (Tor), isn't an applicable advice.

Traffic stenography; private and obfuscated bridges as an maybe alternative method, have their own blog post. [5]

^5^ See Tor Browser Design [1] for a general definition and introduction into Website traffic fingerprinting.  
^6^ See slides for Touching from a Distance: Website Fingerprinting Attacks and Defenses [2]. There is also a research paper [3] from those authors. Unfortunately, it's not free. However, you can find free ones using search engines. Good search terms include "Website Fingerprinting VPN". You'll find multiple research papers on that topic.

The article "Hide the fact, that you are using Tor/Whonix" has been updated with this information. [4]

[1] [https://www.torproject.org/projects/torbrowser/design/](https://www.torproject.org/projects/torbrowser/design/)  
[2] [http://www.cs.sunysb.edu/~xcai/fp.pdf](http://www.cs.sunysb.edu/~xcai/fp.pdf)  
[3] [https://dl.acm.org/citation.cfm?id=2382260](https://dl.acm.org/citation.cfm?id=2382260)  
[4] [https://sourceforge.net/p/whonix/wiki/Hide%20Tor%20and%20Whonix%20from%20your%20ISP/](https://sourceforge.net/p/whonix/wiki/Hide%20Tor%20and%20Whonix%20from%20your%20ISP/)  
[5] [https://sourceforge.net/p/whonix/featureblog/2013/04/private-and-obfuscated-bridges-not-so-good-for-hiding-tor/](https://sourceforge.net/p/whonix/featureblog/2013/04/private-and-obfuscated-bridges-not-so-good-for-hiding-tor/)

URL: http://sourceforge.net/p/whonix/featureblog/2013/04/vpns-and-sshs-not-as-good-for-hiding-tor-traffic/

[Whonix-devel] VPN's and SSH's not as good for hiding Tor traffic?

Whonix is an Anonymous Operating System.

[Whonix-devel] VPN's and SSH's not as good for hiding Tor traffic?