Tor on Whonix: A couple of questions

Anil

Mar 20, 2020, 3:04:18 PM
to qubes-users
I have been using Qubes OS for more than a year now. I use Tor
Browser in Whonix DVM (earlier anon-whonix, but now in Whonix DVM). I
mostly use it for reading Google News, because in these times of
targeted servicing (i.e., personalization), I do not want to be
reading news that is specially assembled for me by an algorithm relying
on my personal data. The news is not about me, it should have nothing
to do with me, not even how the news items are put together. (By the
way, the same applies to any recommendation system). I want to decide,
without someone biasing my selection, what news to read and what not
to read.

(I know using Google News already introduces some bias, but I don't
solely use Google News for getting my news. I also happen to be
involved with some research related to published news.)

What I have observed on my computer (any computer, including those on
which Intel ME is neutered) is that Google News almost always (>99% of
the time) opens with the US news. I don't think that is how it should
be working. If there is true anonymity, the page should open randomly
to any country and any language. That does not happen, at least not
for me.

I tried creating a new Whonix DVM template and checking whether it
still happens. It does (that is, both of the problems mentioned
above).

I do know for sure that there is plenty of research on
de-anonymization of tor traffic. It can be easily searched for on
Google Scholar.

I am not sure whether it is Qubes-specific or a problem related
to Tor in general. I personally think the latter is more likely, due
to de-anonymization.

Another related question is about a problem I am facing, even in newly
installed (but updated) Qubes OS Tor Browser on Whonix (even DVM), is
that when it starts, everything seems to be working. After some time,
either the browser crashes, or it freezes or it works intermittently.
Now, for the last few weeks, the context menu (on right click) becomes
corrupted (there are two items visible, the rest are invisible,
although I can still use them by using keyboard arrows and pressing
enter). I use two of these invisible options to bookmark all the
pages.

I tried creating a new Whonix DVM template and checking whether it
still happens. It does (that is, both of the problems mentioned
above).

The second one I have not yet seen on the computer with neutered Intel
ME, but that may be because I have not really started using it so far
(I only got it recently).

I don't take all the precautions that some Qubes users suggest, but I
do take a lot of precautions (increasingly more, including changing
habits).

Can anyone suggest what could be the problem (particularly for the
second question, as the first one may be due to other reasons)? Is it
a bug or is it specific to my network?

Regards,

अनिल एकलव्य
(Anil Eklavya)

Sven Semmler

Mar 21, 2020, 4:48:35 PM
to Anil, qubes-users
On Sat, Mar 21, 2020 at 12:33:58AM +0530, Anil wrote:
> What I have observed on my computer (any computer, including those on
> which Intel ME is neutered) is that Google News almost always (>99% of
> the time) open with the US news.

That has nothing to do with your computer or Tor. It's you ;-)

If you type news.google.com ... Google assumes you want US news

news.google.de --> German news
news.google.co.uk --> British news
news.google.fr --> French news

... I think you get the idea.

/Sven

--
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

Anil

Mar 21, 2020, 6:00:28 PM
to Anil, qubes-users
Well, I asked someone who knows better and he settled this matter.
Apparently, Google News uses the settings of the browser, which in
this case (Tor Browser) is set en-US. So it won't be random.

It is not true that if I type news.google.com, I would always
everywhere be getting the US news in English. For example, if I use a
VPN and the server is located in Canada, then Google will redirect me
to news.google.ca.

So the first question is settled, but the second remains: about the
freezing, crashing, the corrupted context menu: Only in Tor Browser on
Whonix. I used the Untrusted VM the whole day today and didn't face that
problem.

Anil

Mar 21, 2020, 7:00:38 PM
to Anil, qubes-users
It is not true that if I type news.google.com, I would always
everywhere be getting the US news in English. For example, if I use a
VPN and the server is located in Canada, then Google will redirect me
to news.google.ca.

So the first question is settled, but the second remains: about the
freezing, crashing, the corrupted context menu: Only in Tor Browser on
Whonix. I used the Untrusted VM the whole day today and didn't face that
problem.

Sorry for top posting last time.

Well, actually, even the first question is not settled in the light of what I said about VPN.

Even without VPN, if I type google.com sitting in India, I get redirected to Google India.

I have tried many times over VPN and I always type news.google.com and I get redirected to whatever setting the *exit node’s* browser has, not my browser. You can reproduce it too by using a VPN and selecting a server in some other non-English speaking country.

Why is it that one always gets the impression that world means the US or perhaps Europe also? You don’t know what it is in India, for example.

And on Tor, I was always redirected in this way, which I had noticed, but had forgotten as it was long ago. On Tor over Whonix in Qubes OS, I am always getting the US news in English, whereas I should be getting redirected as per the settings of exit node’s Tor Browser. This used to happen earlier without Qubes OS. But I don’t think it has anything to do (directly) with Qubes OS or Whonix or Tor Browser. It most probably shows that data-based machine learning (AI) is happening to de-anonymise Tor traffic, whether at Google’s end or service provider’s end I don’t know.

What I do know, as I said earlier, is that there is active research going on in this area. I work in AI and Natural Language Processing and I know that it is easy to do it with some degree of accuracy. Even I could do it if I had the dataset.

And second question still remains: the freezings, the crashes and the corrupted context menu.

Anil

Mar 22, 2020, 6:55:42 AM
to Anil, qubes-users
> I have tried many times over VPN and I always type news.google.com and I get redirected to whatever setting the *exit node’s* browser has, not my browser. You can reproduce it too by using a VPN and selecting a server in some other non-English speaking country.
...
> And second question still remains: the freezings, the crashes and the corrupted context menu.

Actually, I don't think Google uses browser settings. It tries to use
location information: GPS, if available, otherwise IP address at
least. That is why the redirection happens.

Even in the case of Amazon, if I open amazon.com from an IP in India,
it asks me whether I want to change the country to India (even if not
signed in), as amazon.com and amazon.in are two different websites for
most practical purposes. This is not the case for Google News, which
just changes the country and language settings, based on the location
or explicit selection by the user.

I do read the US news. And I explicitly select India-English when I
want to read India news. Without my explicit selection, it relies on
the location, as far as I can understand. And they try to guess the
location using all the tools and data at their disposal, including
machine learning, constrained perhaps by my privacy setting
(hopefully). If you are signed in, it will work in one way. If you are
not signed in (like in Tor Browser), it will work differently.

Even network service providers are beginning to treat different kinds
of traffic differently, based on the characteristics of the data,
looking at the headers, but also at packets, if necessary. If the data
is encrypted, they can still try to apply machine learning techniques
to predict what kind of data it is. There are PhD theses on this. Net
Neutrality is almost gone, or going out fast.

For websites etc., even if they don't know who the user is (not signed
in, using Tor), they can still create a profile of the session
(clicks, durations, scrolling etc.) if the session lasts long enough.
Based on this profile, they can try to predict who the user is or at
least what is the actual country. This I am saying off the top of my
head, based on what we do in AI and Natural Language Processing. One
thing is for sure, because of the exponentially more data available to
them and the resources they have, they can do a much better job at
such prediction than any researcher can do. This is almost common
knowledge in the research community, whether explicitly acknowledged
or not.

And if someone is targeted, then it's a whole other game, based on the
laws, rules and regulations of the country.

I have attached the screenshots about the second question, of
corrupted context menu.

Regards,
tor-corrupted-menu-2.jpg
tor-corrupted-menu-1.jpg

Anil

Mar 22, 2020, 6:58:19 AM
to Anil, qubes-users
> I have attached the screenshots about the second question, of
> corrupted context menu.

The first screenshot is when I detach the tab from the window where
all the other tabs are, and second is when the tab is in the original
window.

Anil

Mar 22, 2020, 7:18:03 AM
to Anil, qubes-users
> the location, as far as I can understand. And they try to guess the
> location using all the tools and data at their disposal, including
> machine learning, constrained perhaps by my privacy setting
> (hopefully). If you are signed in, it will work in one way. If you are
> not signed in (like in Tor Browser), it will work differently.

I am sure Qubes OS and Tor developers know this. That is why Tor starts
with a particular window size and at a random location on the screen and
it warns against changing the window size, particularly to full screen.

Regards,

Anil Kumar Singh