> On 7 Apr 2016, at 23:53, George Kadianakis <desnacked@xxxxxxxxxx> wrote: > > Here is a non-smart thing we could do: We could prepopulate our sampled guards > list with all the possible guard types. So we include an 80/443 bridge and an > IPv6 bridge and an IPv6 bridge that is also on 80/443, and any other thing we > can think of. Unfortunately, this would greatly reduce the diversity of our > guard list since there can't be too many guards that are IPv6 and on 80/443, > and in the end most clients will end up using the same guards. > > It might be a good idea to enumerate the guards for each possible filter we > will add, and then calculate their guard probabilities, to see how likely it is > to randomly choose a guard of that type. If we have filters were there is only > 1% probability of picking a bridge of the right type, then these "your current > network settings make it impossible for us to safely choose an entry guard" > messages might appear more frequently than we would like. This sounds very much like ticket #17849. On that ticket, I suggest we use the current IPv4 FascistFirewall proportion as a guide to when we should warn the user. But we never considered failing closed in these circumstances: what if the user just wants circumvention, and not anonymity? https://trac.torproject.org/projects/tor/ticket/17849 Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev