Update website FAQ about padding defenses

Someone in the blog pointed out that our FAQ is quite negative towards padding, even tho the latest tor actually does send netflow padding: https://blog.torproject.org/comment/269842#comment-269842

We should probs update the FAQ to avoid spreading confusion: https://www.torproject.org/docs/faq.html.en#SendPadding

changed milestone to %website redesign

added FAQ component::webpages/website milestone::website redesign owner::traumschule priority::medium resolution::fixed severity::normal status::closed type::defect website website-content labels

Trac:
Keywords: N/A deleted, website-content added

Trac:
Milestone: N/A to website redesign

Trac:
Keywords: N/A deleted, FAQ added

I am about to create a PR based on below information, please tell if relevant info is missing.

The FAQ mentions padding at two locations and needs to be updated:

• You should split each connection over many paths.
• You should send padding so it's more secure.

The blog post mentions:

• "As part of the security discussion, we talked about the new padding defenses that were recently added to Tor and provide cover to Tor circuits against traffic analysis. We made plans for future padding techniques and defenses." A comment clarifies:
• Note that it's just netflow padding to collapse netflow records, it's not the type of expensive padding that the FAQ addresses, but yes the FAQ should be tweaked a bit. It was also announced on tor-dev: https://lists.torproject.org/pipermail/tor-dev/2015-August/009326.html

Trying to summarize ticket #16861 (moved) linked in the blog:

• Now tor "sends padding on a client's Tor connection bidirectionally at a random interval that we can control from the consensus, with a default of 4s-14s."
• "padding approaches, with the goal of stymying some of the potential traffic analysis attacks out there -- website fingerprinting, end-to-end correlation, and the things in between. Padding between the guard and the client is especially appealing because a) it looks like it can provide pretty good mileage, and also b) I expect that we'd have an easier time raising more capacity at guards (compared to exits) if we publicize the reason why we need it." (comment:6:ticket:16861)
• send at least one cell on a connection every 15s
• the netflow defense only sends padding if the connection is idle

I stopped digging deeper but it might be enough to add this to the faq.

For details we could also link https://www.freehaven.net/anonbib/bibtex.html with several publications on padding.

Trac:
Status: new to assigned
Owner: N/A to traumschule

https://github.com/torproject/webwml/pull/21

Trac:
Status: assigned to needs_review

Thanks for the fixes here.

I made some minor edits in my own PR as a fixup commit: https://github.com/torproject/webwml/pull/24

In particular I fixed a broken anchor link, and a trivial word change.

I think my branch is ready to be merged upstream.

Trac:
Status: needs_review to merge_ready

Seems like this branch got merged to the FAQ yesterday but no updates on the ticket. Closing this ticket.

Trac:
Resolution: N/A to fixed
Status: merge_ready to closed

now your changes are not merged?

It's ok the missing anchor link did not make it to the actual website for some reason. And the 'stymying' word might be ok until someone complains ;)

closed

moved to tpo/web/trac#22958 (closed)