Kicksecure initiates Tor connections by default to check for updates and download updates etc.
Is it dangerous to have Kicksecure active 24/7 even when not using it actively as state actors could potentially correlate connection patterns to deanonymize you?
Or is it even more dangerous to shut down your Kicksecure device when not actively using it as they could correlate your Tor connections with your real life patterns, e.g. you shut down Kicksecure when leaving your physical location with your personal mobile device which is linked to your identity?
I am aware that this is an anonymity question and that this is not a target of Kicksecure but related to Kicksecure.
Honestly I think the worst thing that could deanonymize you is the fact that I’m pretty darn sure the default handling of the Tor state (Tails doesn’t persist the Tor state, only saved bridges).
This means that you connect to your home WiFi SSID and then connect to a public WiFi network. You will have the same entry guards on both networks or really all saved network connections actually.
If I’m wrong about this someone correct my reply, cause last I checked the tor daemon config will be used for all saved connections.
What I think Kicksecure should do (and it would be good for Whonix host) is to set different guards for each saved connection. I’m not sure how you implement this but here are some approaches worth looking at.
Two approaches would require some scripting:
1st Approach: One torrc template + different DataDirectory per SSID
The DataDirectory directive tells Tor to keep its cached-descriptors, state, and therefore its guard list in that directory. The first time it runs it will build a fresh set of guards.
- Create a torrc template (~/tor-templates/torrc.template). Leave out the two lines that change per SSID – DataDirectory and UseEntryGuards – inject them later.
- Write a small wrapper script that Network Manager will call from /etc/NetworkManager/dispatcher.d. It receives the SSID as $1:
Approach 2 – A completely separate torrc file per SSID
- Create a directory ~/nm-tor/ and drop as many torrc files as you like. Essentially a process that listens for saved network-manager names and saves the name for each torrc file. This makes the dispatching tor simpler for scripting.
A completely new DataDirectory means Tor will bootstrap from an empty cache and discover its own, isolated set of entry guards:
- Same torrc file, different directory → different guards
- Different torrc files pointing at different directories → also different guards
You mean the Tor Daemon active 24/7?
If so I don’t think so but idk why you would unless you are using Kicksecure as a server of sorts?
Again you mean kill the Tor daemon connection?
The only thing an ISP or someone monitoring your network could see is when you bootstrapped (connected to Tor) and when you disconnected from Tor.
In relation to your mobile device I would say as long as you are using MAC address spoofing and not using an obvious or unique hostname (e.g. your first name), then I would say you are fine if you are connecting to the same network you are using Kicksecure on. Realistically if your phone is turned on when you leave they can track your location. They can also see if your phone is turned off. If whatever you are doing requires a high threat model, I would leave your phone turned on and at home or turn it off and put it in a Faraday bag. Phones are basically the cop in your pocket.
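A sketch of the dispatcher wrapper from the "1st Approach" above, added here as an example and not taken from the posts or from Kicksecure. It assumes NetworkManager's dispatcher interface (interface name in `$1`, action in `$2`, the saved connection's identity in the `CONNECTION_UUID` environment variable) and keys on that UUID; the `TEMPLATE` and `STATE_ROOT` paths are hypothetical.

```shell
#!/bin/sh
# Example for /etc/NetworkManager/dispatcher.d/ (added illustration).
# Both paths are hypothetical and can be overridden from the environment.
TEMPLATE="${TEMPLATE:-/etc/tor/torrc.template}"
STATE_ROOT="${STATE_ROOT:-/var/lib/tor-per-network}"

# Map a connection identifier to its own state directory.
# The identifier is hashed so that names containing "/", spaces or "../"
# cannot escape STATE_ROOT or collide after sanitising.
state_dir_for() {
    id_hash=$(printf '%s' "$1" | sha256sum | cut -c1-16)
    printf '%s/%s\n' "$STATE_ROOT" "$id_hash"
}

# Write a torrc for one connection: the shared template plus the two
# per-network lines the template leaves out.
# $1 = connection identifier, $2 = output file
render_torrc() {
    dir=$(state_dir_for "$1")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    {
        cat "$TEMPLATE"
        printf 'DataDirectory %s\n' "$dir"
        printf 'UseEntryGuards 1\n'
    } > "$2"
}

# Dispatcher entry point: act only when a saved connection comes up.
dispatch() {
    [ "${2:-}" = "up" ] || return 0
    [ -n "${CONNECTION_UUID:-}" ] || return 0
    render_torrc "$CONNECTION_UUID" "$STATE_ROOT/torrc.active" || return 1
    # Pointing the tor service at torrc.active and restarting it is
    # distribution-specific and is not shown here.
    printf '%s\n' "$STATE_ROOT/torrc.active"
}

dispatch "$@"
```

Each saved connection gets a stable directory, so Tor keeps one guard set per network across reconnects instead of sharing one guard set everywhere.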