Why Anonymity No Longer Exists in 2026 - Open Discussion

aronowski · May 21, 2026, 9:55pm

Was this synthetic video and the post even reviewed by a human in the first place, other than being uploaded and pasted after a generative model has finished its work?

Qubes OS was designed for security in mind, not privacy. For privacy the integration with Whonix is what matters.

The why does my link/ether address differ from my permaddr in sys-net?

Schnur:

Attack 2: Government Blocking of Tor

Tor is banned or restricted in many countries. Blocking methods are simple: TLS fingerprint blocking, port blocking, TCP traffic pattern analysis, blocking known entry node IPs.

AI-enhanced DPI systems make blocking even easier now.

None of the three systems include built-in anti-censorship/anti-DPI bypass. Bridges exist as add-ons but aren’t default. All three fail.

Named commercial systems doing this: Sophos, Fortinet, Vectra AI, Cisco Mercury (open-source on GitHub). These use machine learning and fixed rules for traffic classification.

Attack 3: Device Traffic Pattern Analysis

ISPs can profile devices by their background network “noise” (OS services, update checks, IoT devices, etc.). This fingerprint reveals what OS you run, what devices are active, and even behavioral patterns (when you sleep, watch TV, vacuum, etc.).

Scenario A (booting Tails on a work laptop): The normal traffic noise suddenly vanishes and is replaced by Tor traffic — a dead giveaway that a second OS was loaded.

Scenario B (dedicated secret laptop): ISP sees a new network subject appear alongside existing devices.

Virtual machine networking mode matters: NAT mode blends Tor into host traffic; bridged mode exposes a separate device.

None of the three systems generate fake background noise to mask their traffic patterns. All fail.

Attack 4: Tor Volume Pattern (TVP) Analysis

Tor fragments traffic into fixed 512-byte cells and adds minimal padding during idle periods to obscure timing.

However, the volume of traffic is still visible. Casual browsing/messaging produces low-volume patterns; downloading large files produces massive spikes.

This volume analysis has been used by US/EU law enforcement since at least ~2018 as an automated alarm system — a large Tor traffic spike flags the user for investigation.

The padding Tor generates is negligibly small by 2026 standards and essentially meaningless against modern analysis.

All three systems fail — none address traffic volume masking.

This seems more about complaints that Tor traffic isn’t masked properly, rather than about anonymity. How can a service, that I’d use/visit through Whonix Workstation in Qubes OS prove, that it was me, if no personal information (or other identifiers) has been provided?

Schnur:

Attack 6: RAM Forensics (+ Swap/Hibernation Files + Frame Buffer)

This is a multi-layered attack:

RAM capture: If a machine is seized while powered on, all data in RAM (passwords, keys, messages) is stored unencrypted and can be extracted. RAM data persists for minutes after power loss; freezing RAM with liquid nitrogen can preserve it for days.

Tails: Has a built-in “trigger tipping” mechanism that overwrites RAM (ones → zeros) on shutdown — passes.

Whonix & Qubes: Have no RAM-clearing mechanism — fail.

Swap/Page files: Whonix and Qubes use swap/page files, meaning RAM contents can be written to disk permanently. The presenter found 6 months of Jabber chats, images, and other sensitive data in a page file during a 2015 forensic investigation. Mentioned Belkasoft as the leading forensic tool company.

Tails: Doesn’t use swap or hibernation — passes (unless run inside a VM on Windows, where the host OS may page Tails’ memory to disk).

Whonix & Qubes: Vulnerable through swap/hibernation files — fail.

Frame buffer forensics: GPU memory stores rendered frames (screenshots of your work). With discrete GPUs, this memory can be forensically examined. With integrated graphics, frame data goes to RAM and potentially to swap files — extractable as actual screenshots of user activity.

All three systems are essentially vulnerable; none address this.

Yes, protecting confidential data from memory forensics is hard, as described in Thoughts dereferenced from the scratchpad noise. | ram-wipe: Further analysis

This is true in general, even if considering someone, who cares about keeping the information safe from prying eyes, but not about anonymity. Does this section try to suggest, that a service, that I’d use/visit through Whonix Workstation in Qubes OS, would notify the authorities that at a given time someone used it in such a way, so that all Tor users would be subjected to forensic examination?

This once again shows no understanding that Qubes OS was designed for security in mind, not privacy.

What if I mute my speaker?
What if I don’t have a phone at all, or one that “reports back” (unless infected with malware)?
I personally would be more worried about attacks that make use of a “noisy” electromagnetic environment, addressed by some rugged machines that meet the MIL-STD 461 standard. Again, this isn’t about anonymity per-se, but seems worth mentioning.

Yes, I’m sure that if I ran an application in Whonix Workstation in Qubes OS, the application would be able to read e.g. my keyboard layout, my dom0 timezone and other identifiers described 2 years ago in How to hide the fact that I'm Qubes OS from Telegram - #80 by aronowski

Qubes OS and its Whonix integration are free and anyone can download and use them. So let me ask for the third time, how can a service, that I’d use/visit through Whonix Workstation in Qubes OS prove, that it was me, if no personal information (or other identifiers) has been provided?

I recommend learning more about Signal’s purpose and why it’s internally named “org.thoughtcrime.securesms”.