{{Header}}
{{Title|title=
Network, Browser and Website Fingerprint
}}
{{#seo:
|description=About {{project_name_long}} Network, Bridge/Guard, Internet Service Provider (ISP) Fingerprint and Website Traffic Fingerprinting.
|image=Eye-319668-640.jpg
}}
[[File:Eye-319668-640.jpg|thumb]]
{{intro|
About {{project_name_short}} Network, Bridge/Guard, Internet Service Provider (ISP) Fingerprint and Website Traffic Fingerprinting.
}}
= Introduction =

In this chapter, the term ''fingerprint'' refers to the specific way {{project_name_short}} behaves on the Internet. These characteristics could be used to determine whether a particular user is running {{project_name_short}} or not.

= Fingerprinting Information =

Various types of information about the user's browser, (host) operating system and hardware can be leaked, depending on the external party in question.

== Entry Guards or Bridges ==

The corresponding chapter of the Whonix wiki applies here as well.

{{whonix_wiki
|wikipage=Fingerprint#Entry_Guards_or_Bridges
|text=Entry Guards or Bridges
}}

== ISP or Local Network Administrators ==

'''Table:''' ''Fingerprinting Domains''

{| class="wikitable"
|-
! scope="col"| '''Domain'''
! scope="col"| '''Description'''
|-
! scope="row"| Network Stack Hardening
| {{project_name_short}} has implemented various [https://github.com/Kicksecure/security-misc security hardening] measures such as disabling TCP timestamps, disabling ICMP redirects, firewalling invalid packets, and more. Unfortunately, these measures can increase the risk of ISP or local network fingerprinting. Despite this, security hardening has been prioritized.
|-
! scope="row"| Random ISN Generation
| {{project_name_short}} prevents TCP ISN leaks through the [https://github.com/Kicksecure/tirdad Tirdad kernel module for random ISN generation]. Unfortunately, this reduces resistance to ISP or local network fingerprinting. Despite this, security has been prioritized.
|-
! scope="row"| Tor Entry Guards
| {{project_name_short}} uses an unmodified version of Tor. Tor Entry Guards are used as the default mechanism to connect to the Tor network. <ref>https://support.torproject.org/#about_entry-guards</ref> Consequently, a Tor user will maintain the same relay as the first hop for an extended period, <ref>Typically the entry guards are rotated after a few months.</ref> which is a security feature.
|-
! scope="row"| Time Synchronization
| When {{project_name_short}} is started, [[sdwdate]] synchronizes the system clock so that it differs slightly from the host clock. It is unknown if an ISP can detect whether a user has many different Tor circuits open. On the other hand, Tor seems to only open X entry guards and maintain them for a period, thus not opening as many entry guards as streams.
|-
! scope="row"| systemcheck
| [[systemcheck]] also issues some network traffic over Tor to check for updates and for the [[Systemcheck#Warrant_Canary_Check|Warrant Canary Check]], all of which passes through different circuits. This behavior might be specific to {{project_name_short}}.
|-
! scope="row"| [[Fingerprint#Website Traffic Fingerprinting|Website Traffic Fingerprinting]]
| Website traffic fingerprinting is also an open Tor research question, which is not specific to {{project_name_short}}. See [https://2019.www.torproject.org/projects/torbrowser/design/ Tor Browser Design] for further exploration of this issue. A related and unresearched issue is whether fingerprinting risks also apply to other traffic, such as apt traffic.
|-
|}

== Advanced Traffic Fingerprinting ==

See {{whonix_wiki
|wikipage=Fingerprint#Advanced_Traffic_Fingerprinting
|text=Advanced Traffic Fingerprinting
}}.
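
Added example (not part of the original page and not code from the Kicksecure project): the Network Stack Hardening row in the table above says that measures such as disabling TCP timestamps can make a system easier to tell apart on the network. The Python code below parses the options field of two constructed TCP SYN headers, one carrying the timestamp option and one without it, and returns the option-order signature that a passive observer could compare. The byte strings and all function names are assumptions made for illustration.

```python
import struct

# TCP option kinds mapped to short labels (RFC 9293, RFC 7323, RFC 2018).
KINDS = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def parse_tcp_options(raw: bytes) -> list:
    """Return [(label, value_bytes), ...] for a TCP options field."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            out.append(("eol", b""))
            break
        if kind == 1:                       # single-byte padding
            out.append(("nop", b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        out.append((KINDS.get(kind, f"?{kind}"), raw[i + 2:i + length]))
        i += length
    return out

def signature(raw: bytes) -> str:
    """Order of option kinds, the part visible to anyone on the path."""
    return ",".join(label for label, _ in parse_tcp_options(raw))

def timestamp_value(raw: bytes):
    """Return TSval if a well-formed timestamp option is present, else None."""
    for label, value in parse_tcp_options(raw):
        if label == "ts" and len(value) == 8:
            tsval, _tsecr = struct.unpack("!II", value)
            return tsval
    return None

# Constructed SYN option fields, each padded to a multiple of 4 bytes.
SYN_WITH_TS = bytes.fromhex("020405b4" "0402" "080a" "0000303900000000" "01" "030307")
SYN_NO_TS = bytes.fromhex("020405b4" "0101" "0402" "01" "030307")

if __name__ == "__main__":
    for name, raw in (("timestamps on", SYN_WITH_TS), ("timestamps off", SYN_NO_TS)):
        print(f"{name:15} sig={signature(raw)} tsval={timestamp_value(raw)}")
```

The two signatures differ even though every other option is identical, which is the trade-off the table row describes: removing the timestamp field changes what the handshake looks like on the wire.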
== Visited Websites ==

Destination websites can retrieve {{whonix_wiki
|wikipage=Data_Collection_Techniques
|text=a lot of information
}} about a user's browser and system, while {{whonix_wiki
|wikipage=Tor_Browser/Advanced_Users#Adversary_Attack_Capabilities
|text=advanced adversaries
}} have even greater capabilities. This is not the focus of {{project_name_short}}. For that, use [[Whonix]] instead.

== Website Traffic Fingerprinting ==

See {{whonix_wiki
|wikipage=Website_Traffic_Fingerprinting
|text=Website Traffic Fingerprinting
}}.

= Project Goals and Non-Goals =

See [[Privacy|Privacy Goals and Non-Goals of Kicksecure]].

= Non-Existing Network Fingerprint Research and Implementation =

What does not exist, according to publicly available information:

* A) A research team that keeps analyzing the network fingerprint of Microsoft Windows, Debian, TBB, Tails, Whonix, Kicksecure etc. on different hardware and publishing the results;
* B) based on the above research, a development team trying to emulate popular network fingerprints.

= Non-Existing Solutions =

Solution: C) security hardened networking + emulating "popular" network fingerprints: does not exist anywhere.

= Future =

Kicksecure might get a feature to restrict outgoing traffic to specific Linux user accounts and/or IP addresses, but it is not yet implemented. For the latest status, see ticket: [https://forums.kicksecure.com/t/kicksecure-firewall/378 Kicksecure Firewall]

This, however, does not magically fix all advanced fingerprinting techniques.

= Forum Discussion =

* https://forums.kicksecure.com/t/how-many-details-are-there-in-kicksecures-fingerprint-revealing-to-isp-the-os/1044
* https://forums.whonix.org/t/what-exaclty-tells-to-isp-generating-by-whonix-traffic/21549
* https://forum.qubes-os.org/t/question-to-develepors-what-hardware-information-reveals-qubes-system-clearnet-traffic-to-an-isp/33778

= Footnotes =

{{reflist|close=1}}

[[Category:Documentation]]
{{Footer}}