Does generating Tor noise make Tor more secure? : Tor | Torhoo darknet markets

There is a lot of discussion abouts if you should use VPN before Tor and you should research this more.

The issue you are describing is something that a VPN before entering Tor would fix. A lot more users use VPN and they have legitimate usage where Tor is associated with more illegal activity. You can pay with cryptocurrency for almost any VPN and some have things like "stealth protocol" or various technology that acts sort of how obfsproxy works in Tor. Some VPN even have some features that protect against packet analysis by making all your traffic the same size. I would research what VPN's make most sense for you, mullvad and protonvpn get recommendations a lot but you need to research what one you will trust the most.

As /u/rmrf writes there are opinions about VPN or not.
Likewise, opinions about random noise or not.

A modern network analyzer uses package sizes, timing, maximum package size, etc. with pattern recognition to judge which site a particular Tor user is visiting. Each site has a unique set of HTML-files and images to be downloaded to the browser. Depending on which browser the user has, the downloading have slightly different patterns. The network analyzer must therefore both guess which browser is in use and what site the user is visiting. Darknet users has limited options and majority uses Tor browser, which makes life easier for the analyzer. These patterns are more distinct initially when all images and pages needs to be downloaded, latter in the session, cached images and pages makes the patterns more stochastic and harder to recognize.

For example, when we visit Dread the DDOS protection followed by the session assignment and finally front page download has a very distinct pattern. If there is no other traffic in the network from that particular user, the chances that the network packages reveals which site the user visit is relatively high. In combination with a timing attack where the site users activities are matched towards the observed network activity, there is a certain chance that site user can be uniquely matched with Tor usage.

Therefore obscuring the initial client-server interaction with random HTTP requests the network analyzers will have harder time to judge when the actual interaction starts and which packages belongs to what TCP session.

So, what potentially works is noise that opens lot of HTTP connections in parallel that returns different sizes of packages. During this random noise the intended site is visited. The rationale is that network analyzers can't detect and distinct between the TCP sessions and can therefore not with any high probability guess which site the user visits.

However, this is a poor mans solution and is not bullet proof in any sense.

Other options are Mullvad DAITA that do network package padding to a fix size, adds background noise and modifies the client-server interactions. Tor does not have corresponding obscurity features. Drawback is that the DAITA traffic is very distinct and an ISP can therefore block such network connections easily without disturbing "legit" traffic. (side note, some ISP:s has already blacklisted Mullvad servers and semi-block the traffic)