Padding to combat traffic analysis by ISP

Hello, I was wondering if there were any scripts or packages that allow one to obfuscate traffic patterns across the entire network.

I was thinking of writing something that leverages maybenot, but I'd like to know if there are any preexisting tools first. Never mind on this point, see eduperez's reply.

1 Like

Its goal is to increase the uncertainty of network attackers

Are you worried your ISP might hack you?

I'm concerned they might analyze patterns in my network traffic and use it to narrow down network activity, even behind a VPN.

See this article: https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita

"Since every website generates a pattern of network packets being sent back and forth based on the composition of its elements (like images and text blocks), it’s possible to use AI to connect traffic patterns to specific websites. This means your ISP or any observer (authority or data broker) having access to your ISP can monitor all the data packets going in and out of your device and make this kind of analysis to attempt to track the sites you visit, but also who you communicate with using correlation attacks (you sending messages with certain patterns at certain times, to another device receiving messages with a certain pattern at same times)."

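The size-and-count fingerprinting described in the quoted article, shown as an added example (not code from the thread, Mullvad, or maybenot). The two site profiles, the 1420-byte MTU and the padding scheme (constant packet size plus dummy packets up to a fixed count) are assumptions made for illustration; this is a generic padding defense, not DAITA's actual machines.

```python
import random

MTU = 1420  # assumed tunnel MTU; every padded packet is sent at this size

def make_trace(profile, rng):
    """Constructed trace: packet sizes drawn around a site's (size, count) profile."""
    trace = []
    for size, count in profile:
        n = max(1, count + rng.randint(-2, 2))
        trace += [max(40, min(MTU, size + rng.randint(-20, 20))) for _ in range(n)]
    return trace

def features(trace):
    """What a passive observer sees of an encrypted flow: count, bytes, mean size."""
    return (len(trace), sum(trace), sum(trace) / len(trace))

def pad(trace, bucket=100):
    """Pad each packet to MTU and add dummy packets up to a multiple of `bucket`."""
    n = -(-len(trace) // bucket) * bucket  # ceiling to the next bucket boundary
    return [MTU] * n

def classify(trace, centroids):
    """Nearest-centroid guess of which site produced the trace."""
    f = features(trace)
    def dist(c):
        return sum(((a - b) / (abs(b) or 1)) ** 2 for a, b in zip(f, c))
    return min(centroids, key=lambda s: dist(centroids[s]))

def accuracy(transform, seed=1, n=200):
    """Train on 50 traces per site, then score the observer on n fresh traces."""
    rng = random.Random(seed)
    sites = {  # constructed profiles: (typical packet size, packet count)
        "text-heavy": [(300, 30), (1400, 10)],
        "image-heavy": [(1400, 60), (200, 15)],
    }
    train = {s: [features(transform(make_trace(p, rng))) for _ in range(50)]
             for s, p in sites.items()}
    centroids = {s: tuple(sum(col) / len(col) for col in zip(*fs))
                 for s, fs in train.items()}
    hits = 0
    for _ in range(n):
        s = rng.choice(list(sites))
        hits += classify(transform(make_trace(sites[s], rng)), centroids) == s
    return hits / n

if __name__ == "__main__":
    print("observer accuracy, unpadded:", accuracy(lambda t: t))
    print("observer accuracy, padded:  ", accuracy(pad))
```

Padding makes both sites produce identical traces, so the observer is reduced to guessing; the price is the extra bandwidth spent on padding bytes and dummy packets.
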
That goes to wg and kernel developers to improve wg blinding.

1 Like

What do you mean by "blinding", and when you say kernel are you referring to the OpenWrt kernel? Mullvad developed maybenot for DAITA, I'm not 100% certain how their implementation works but I'm pretty sure it doesn't modify the WireGuard protocol.

I'm curious what changes would have to be made to WG or OpenWrt for this to be possible, as there is a dearth of traffic obfuscation solutions for users who need them. It'd be well worth investigating in my opinion.

Those parts come from the kernel/WG, I fail to see how this is OpenWRT related...

I'm confused about what he meant which is why I asked for clarification, I'm not sure how the kernel is relevant in this scenario unless there are features that need to be compiled in. DAITA (and maybenot) is built to be used alongside WireGuard or other protocols, all I meant is that it doesn't involve a change to WireGuard's code.

It would be a nice feature to have and I'd want it to apply to every device on my network which necessitates running it on the router, how is this not OpenWrt related? Should I have posted the thread to a different board?

Of course it is OpenWrt related, just like a myriad of other services such as VPNs... enhancing obfuscation

Maybenot is a framework, so you must build your application (for example, a browser) around it in order to use it; I do not see how it can be used on the router. If you need to obfuscate the traffic on the router, then you need something that works on the network level; hence the suggestion to improve an existing tunneling protocol like VPN.

1 Like

Thank you for the clarification, I somehow misunderstood what "framework" meant.

1 Like

There is prior art in running in front of carriage

Question I: Do you really need it?
Question II: Why do you trust VPN more than your ISP?

Have you tried posting to https://forum.torproject.org or https://crypto.stackexchange.com?

1 Like
  1. Maybe, maybe not. As time progresses, advanced deanonymization techniques could become more commonplace. Perhaps I have nothing to worry about now, but because I can't know for certain I'd rather be on the safe side.

  2. Why would anyone, for any reason trust their ISP over a VPN provider? VPNs have a financial incentive not to log or otherwise invade their users' privacy (if it was ever discovered that they were, they would lose a significant portion of their customer base overnight and would likely never recover). This is in contrast to ISPs who have a long and well-documented history of doing exactly what I just mentioned, logging and handing over info to whoever demands it or pays a tidy sum.

Edit: I have not tried posting to those boards, I will later. That's a good idea, thanks.

  1. There is no such thing as Internet anonymity and it is a myth that it ever existed. But there is nothing to be afraid of if you act as a regular Joe - ISP detect OpenWRT - #11 by timur.davletshin

Your "safe" side is like wearing niqab in France. Of course it hides your identity but at the same time it attracts police.

  2. Because you have legally obliging contract with your ISP. You're both in same country. You can drag them to court as much as they can drag you. Usually it makes people more respectful. And who is your VPN? Another offshore company? What obliges them to respect rights of some foreign citizen? The answer is NOTHING. VPN providers come and go, some were created specifically to spy. The only reason to have VPN is to access blocked resources. But I wouldn't trust those more than ISP.

I'm not opposing cryptography or anonymity. I'm just saying that trying to be too good is attracting more attention than one would want. I'm sorry for being sarcastic but this is how it works in a real-world scenario. Remember, that electric soldering iron in one's anus is the best cryptanalysis tool ever.

> There is no such thing as Internet anonymity and it is a myth that it ever existed.

This is reductive, and frankly, untrue. If there is no such thing as anonymity then why do activists and dissidents rely on networks such as Tor for their communication? How can VPNs and Tor act as barriers to investigations if they are ineffective? (https://torrentfreak.com/ovpn-wins-court-battle-after-pirate-bay-data-demands-rejected-200911/) There is no such thing as "perfect" anonymity or privacy, we simply have to make the best of the tools that are available to us.

> Your "safe" side is like wearing niqab in France. Of course it hides your identity but at the same time it attracts police.

If guarding my privacy results in increased surveillance, then I would double down and guard it even harder. Using a VPN in and of itself isn't inherently suspicious, there are a million different benign reasons people do so: torrenting, accessing movies/TV available in other countries, hiding your IP address from websites you distrust, just to name a few. Traffic obfuscation could result in increased scrutiny if they detect it, however in my mind, this is partially mitigated by the fact that obfuscation makes you more difficult to track in the first place. I don't think police are going to put cameras in your house simply because you mask traffic patterns.

> Because you have legally obliging contract with your ISP. You're both in same country. You can drag them to court as much as they can drag you. Usually it makes people more respectful.

My ISP is legally obligated to hand over information if compelled to. VPNs, depending on their jurisdiction, are not, and cannot if their log policy holds true. (https://mullvad.net/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/)

> And who is your VPN? Another offshore company? What obliges them to respect rights of some foreign citizen? The answer is NOTHING.

First of all, they have the financial incentive like I mentioned in my last reply. If people discover they were lying about not keeping logs, it's over for the service. Secondly, different countries have different laws regarding collecting, storing and handing over customer information. In the US, providers can be forced to keep logs if they don't already. That isn't the case in all Western nations, though, and as long as your VPN is not US-based you can be reasonably assured there's no legal precedent for them being forced to betray your trust.

> VPN providers come and go, some were created specifically to spy. The only reason to have VPN is to access blocked resources. But I wouldn't trust those more than ISP.

Which ones were created to spy, and how do you know? You are correct that not all VPN providers are created equal, some are hilariously incompetent or just flat-out invasive, however this is a generalization and absolutely does not apply to all VPN services. Do you think Mullvad or IVPN are spying?

Tor is effective as long as you're that Joe no one cares about. Google for KAX17...

It either exists or it doesn't. Tertium non datur.

Government officials call it "Child porn, copyright violation, tax evasion, illegal gun trade".

And your VPN doesn't? VPN is not even obliged to respect Constitution if you're a foreigner.

Trust me, they can have more money from an admirable organization like CIA. Your 5 dollars a month is a joke compared to that.

https://cybernews.com/security/5-7bn-data-entries-found-exposed-on-chinese-vpn/ - biggest one.

They respect requests from Swedish police and UK at least. Remind me, was it not the UK that required logging and spying on almost everything? UK means Five Eyes, Five Eyes means US Intelligence. Welcome to CIA hands! Remember when the US kidnapped son of Russian politician at the airport of Maldives and flew him over to Guam? Ah, why would anyone care about some Russian? Probably he deserved it.

Pretty much everything we're arguing about right now is speculative and unfalsifiable, I'm not sure there's any point in continuing this debate.

> Tor is effective as long as you're that Joe no one cares about. Google for KAX17...

There are no confirmed deanonymizations as a result of KAX-17. Again, unfalsifiable. It is still very concerning that a threat actor attempted to use malicious Tor nodes to unmask clients.

> It either exists or it doesn't. Tertium non datur.

This is reductive. In the context of what I said, anonymity does not have to be perfect to count as anonymity. There are always weaknesses in communication systems, understanding them and implementing countermeasures is the best way to use them safely.

> And your VPN doesn't? VPN is not even obliged to respect Constitution if you're a foreigner.

No, they are not. See the link about OVPN I sent you, Swedish courts threw out the case. It's true that providers in foreign jurisdictions have separate laws they abide by, and it's possible that they may choose to respond to disclosure requests from other countries differently, however I have not heard of a reputable VPN provider willfully handing data over to a foreign government without demands from their own. I could be wrong though.

> Government officials call it "Child porn, copyright violation, tax evasion, illegal gun trade"

This is a loaded statement, if everyone who uses a VPN or Tor is treated as a criminal then they would never be able to effectively surveil anybody. 99% of VPN users are not criminals and not worth paying attention to.

> Trust me, they can have more money from an admirable organization like CIA. Your 5 dollars a month is a joke compared to that.

Hypothetically speaking, this would only be feasible in the short-term, and would still ultimately result in the death of the service. I'm certain Mullvad has at least a few employees who genuinely care about privacy, all it takes is a single whistleblower for the whole operation to come apart. This is yet another unfalsifiable argument.

> https://cybernews.com/security/5-7bn-data-entries-found-exposed-on-chinese-vpn/

This is why you stick to reputable paid providers. Again, not all VPNs are created equal.

> They respect requests from Swedish police and UK at least.

Can you provide a source for this?

> Remind me, was it not the UK that required logging and spying on almost everything? UK means Five Eyes, Five Eyes means US Intelligence.

Mullvad is not UK-affiliated and I cannot find any information about them complying with requests from the British government, please provide a source. Sweden (Mullvad's jurisdiction) is part of 14 eyes, not 5 eyes, they do not have the same intelligence sharing agreement that the US and the UK have. The surveillance, while still pervasive, is not as thorough and does not guarantee that the US will be able to deanonymize someone in Sweden, or who is connecting through Sweden (this is also applicable to five eyes). End-to-end encryption helps with this, which nearly all modern VPN implementations utilize.

The original question has been solved, so let's stop this here instead of veering (exclusively) into politics.

2 Likes