[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] bridge:// URI and QR codes
- To: Torsten Grote <t@xxxxxxxxx>, tor-dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [tor-dev] bridge:// URI and QR codes
- From: meskio <meskio@xxxxxxxxxxxxxx>
- Date: Wed, 20 Jul 2022 14:01:46 +0200
- Autocrypt: : addr=meskio@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata=xsFNBFHuRRoBEACywyeZyD1W2IGdToB6U7nbr2s3Iva7xiCukUH4i9C4nx8hxXeSlVPar6fMZbIA0co8Ruah3cxc2ZGx+U85OaiOkerovibaZwDgB3LQlSUsDYj2X+tKU2u46S62FlWBwgIW/A99W2xYIhMVFG+JMZFzPuLz/rSPJOzwpXvA8BIFKVHMtg7GyG1I8rjwUImFkjPOWWiTg4VdXFuILQ71rxLYfNXtOrBd/o5do7EAn3/RAzMvvcso7WGCRtgjtv7XCCE9pNYNKNnRlC28pe7K3zj3wgV1vWV4CXZoUUyNsmj7fM4XyoMoKx6omRT2oQw8dCYljLqROptvQDQGfKxntKSZyWmONv9LHIwTCTTSQtNR3wzcjKyjn5EQqsW8mpXwYxkhqCWA2ahx7k+uik6TjHSUW1PJJ1C+dIBFZo0bEV9HvoSPIUCculy3IKTV+97DS2a98ylunGYe94yTSr48MQZ7za9haXtatUbWybFTG2mi46PFPIcbSweYtZbDg6vFkwjJO1EQvCu4FFJtFzdFkQ3uW6PYVtg3t9BSUjkrLhQFmkEoN1SxOrY2vZfusbSIlVE3KLEsKx3FUXjOODA2xtAGpcbXFvlLBrHYAcyK+YSehJ9p4dW3WY4UVUdHn6Jt8pUaOVSIeqBhcJfgI3r67NQyzQYoKGzLgFI2BfNt4lFXYwARAQABzSRSdWJlbiBQb2xsYW4gPG1lc2tpb0B0b3Jwcm9qZWN0Lm9yZz7CwZQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQHlI/6ZBYKQlvNJ+rHMrHRwo9OLwUCYGRG5wUJEjhozAAKCRDHMrHRwo9OL3KtD/9lJUVcyPENYQtHN/bbCCYWl2lLWzVATGdhh+DhDbIYxwuF6+3DhUi1hA 00egydI7qQoKnpe6AUX+kYkOvQeQGAm5msI13shZmadKHAP6uKbCqwLW4ZmSJ0pGQeNgQxEsZYOoDL12NYZakhUyhQiruj7Wffbn7FCCa7L7diqRjzCkZdRxiaR6jOG5VRdfkvgXXoMh1Mzxh8m0KBIBEsryhUberxV4KlBnvE2ynAzl+jrTJEqif7cFGsO5u71nrHCsInFsmK4qh9WJyaqFpCGvwKWIPpRbqncMHJMVdE9ExPvvjlB3YM+YRX8U3EJpzE8oE15X2SAEXgYQECehz2S1K7JCC9VHwB2Ct0yJM3KMSzakNjBvJ+x9AcxmOv/z0KERRpLThAB5Fnmht9bD5w47t7rxkMKZK2hMgkOpzdz8WnKvZFZtr0/+jkme0CcixcC0qCYa+XPuTLKomyGuuI8dvcZOWsoMcs6LimMEVdvAXOYiNp2LecL3TokrQngc3WNBiCAV8E+zVIrBMRWKl2oXvW9xqPD7fVpYD+ObWpy9HfUcaQOojeeOusVukEkKikl20TJIOwwP+PvJUmpezHURVkPm+pSUOftoJffRy7D8hcJo+a4hasGGkWHQMmbvwqcyjGhJOyPxNoQf7adiyIfNmAt1YHGABY2LShMs0i7I7gos7BTQRYW41XARAAoKxj7hf5PTZTA9GuZo2br3xqJGptysjJ6KbfMR1qanH5atKKBSEgKUCpBb4ojZYofGZpqwf4eBKqoarP8hx39y6kcnHZoHPPPuibjs4/JjpTqIz3pS7dmvK8nfGY8EE7FUNkLxJHenJ14gXB2QHdV22vkZhIUGT4l20IP8sg5pHVwiRaVT9Fc80YkDa+rpNWl35hquuLXPnCfcFYdjcF4srOlpLfajes4zHfHZAQ5VJbEY0e7AL/R+XF+7E0aZxiJvZCyHWZvyPSui/x5dOho3+1KrP9tj2679MUK8PKYsyH76Z9/urIzzXPXqnZvR99q/HGFAFMfJ7CZG8/r1siAU3G4ZpvNfcJFJT 7rzhuvky+yE+1h+gzFRGUHyiH9FHyecv4eA09ZkgXIkMpLjWKQ632xr668LOYeX6JXQs+oNZq2kyL9nDVBFGhuTl07ZpvRX1+oOUmkGLe1UEZtN9CztTxJ8UN4q8GPBzcNsfYl7q8Kiu4flacb63En7zxUx/jNJcbyA7cal1VJlVvGcBtPR2xkTrK+Hs1rhKok70ix7j4c3Uwj7TljFdl5nlz6shoa4aOiTQPLGGVIwfpkgWflvS7mckKsuAyRP56I5ynyncZ+d3cGGiYZPpxaASn5GUIwwNVjttv7apOa1dR2P+UHhivMvx8Jk7leSpx/UDKrUkAEQEAAcLDrAQYAQgAIAIbAhYhBAeUj/pkFgpCW80n6scysdHCj04vBQJgZEb4AkDBdCAEGQEIAB0WIQSzszp/9mlfNcwBBH5SuPWsl6LahgUCWFuNVwAKCRBSuPWsl6LahjCmD/9/5tOaeGgLhpYVB9bwTPlpmdOCpGS/5OB0fBYoKCl1VWl6TAdqOs5UJVSMvU8eCkXzPln7/OmRXlWMRLosdjCG2Nv7/kCoZw0WbLgJFBDVwZ7FfyDQnlKSkULfbfTJadSKSkUbWhtQOUBzVPTN0M97WNGXKdMV4vU3NGRPJvfpRMOcjMEiPDU5+WEm9lFv736ahGFa7IIlpjo2Mziw6D0tF9vIETuhUElJes76fikO7pIqAnHvX0pDqsGvAX+61vRQjQ7wwv567Qj8Kl0lW6XODsEsKz2b6ipwisbm4wh56Vj2nHGTypKZxFg0ZBU62Hmlh16HLsPqtHTxBZ+VSvGuZyhjrrwjPLhul7vgZ4XXu6NR3Jn6Kni9IZxk2FquPx1R+GCb/00dZamMs9G4P1NFkPo7wMPRl6uHOqj0gRmF5cqHUBD7dGXS7Cl/5HyRD1WJGO3E+gC8ZTTyeUb50InDktAc64Jx/Tf1xbXR2at8v9yD0wS/JO6GpBUJyVWA0e8xrMlEcU96Bgah77bawamD ymr9kJKo/+H/+NZkm68squrVyF3WcBWRZa0NPZwqAF2DYrq3dLLC2gu8rD0l2XCMP9dTtGUnMXlpnT4aXLYqmz+QAK519zSS9TNktJQyRi4ZoxEOhCRHpHYheBOf5S8sr8vcleedeyFnt/WJ410SfQkQxzKx0cKPTi/RLQ/9FG0wGxb3qnSAdkrXaGFE7tVvSWbKM4mrBUqL7IzFgLtO+B8vHa/G/gERb48bSMmBqOyAhS9QWBsOvfUcK3auZbWX+z2cAMr2V6rOrSeerlK092Yl+UgNay82iwKZvTJwzMNN24TPfP/IweRpxZcpwkjV8sjyxfQoOgFJDpqB38rvwQunf6pwC2J3pj10fQtsOOVNGIMn8S9CWCdkC4pquFOTgtmqBfF0uX4hMDshpifFpq05GK3WZDYXLMa1D7bW5hSFD7WwSrgKlG7Hm/ypP45mSif1cZQHRFZze6kKEvh6rl933UGV5daI5phhHsPDDgXLmTjUJ6AA9QcMmMgnqmoGYS6orHgmdWTaKLaYiQwpNN+1LxR8Nk5tyuiQ2XlnyLT4ozEGdxqxVkNbc5dTxBFtONDgwXc3IVU9k1AywKQgncJGltHL30rNGi5ECjo/KvXNs1U8OwiE7up+/z0Y+rInM0dNGicEiC6jnlPHP62mxsBJHfoScrDs2zG+WA4kobd3AX5LpShGnya1LrA/43R7Oex1PhaV+EM9giLUYCnYk1kcUdSpF1dKLEQT6SbE86SHNceVkXg29ZvfhVjhnP0h+NzGa3BQDu7OSO7u2W5yN8ommUlToe52ot4nZI8oWKN8WgrJD8xEDCiZAiCXRilXygwMcr1isfS8rHZb73vOwU0EWFuNLwEQAMV+8pJArzRhrgIB7IVOz/rBkfu7xE4ZB0EfxuRnhYqyPyIcGMqcdiVRZuuBmeBzbDVctNXmHF5spWJImUtJTJNmvhWrJrRrwXobQrZHVqkSb/n4r9hCfSohDEvqFdFfjk+bj kRuJyGYIxEe5wrTEVk5AletiNO5bwnOM7bdwKkY11F2QmOBWkKCfUZ+PMkdgNyoi5WcHHjWDj87lpAY1gHT4dQbW5GKgGgae3mBYj81mGCFpYxn+6XGMeQC7avCk0hsdv7m2dL20dBuDI0bnAk72r2GMn/3JF382DZIMu/QyRXWSOg2u+75HLf56QUaSpxbZwY/0E0U9FNkqtFnGIdlz8dVMhwJjFXDUk7KZMGWeTqzio15LS7yJAnE1m3FLJYZ7RESYgqWJQ0etp04KF+vctb5ZTV3Q5lK80djikIApxzlaNs88eStn2yK6TLvym75NxciiDJUKO9QFpsBEv3EHXaYMk+4ayMvkGQ7uVfFuK3SbtOEJIby+UmPzuLLsIcxfu6G+AP7E0+uWSdq/B4YpSzQzsOh7V9c1YE//kLFd7m+/U0mOJc/t3kBiE+PrhQz58EMUdAkG2PXDj7cHn06kYqN5wVGYQ1pKpnjXtQs+CNYkEPxgNhfq1no4dzqKx34R8NotMQAK1uJKB9CV244Sc/64jSqD7wvgRKZHpTJABEBAAHCwXYEGAEIACACGwwWIQQHlI/6ZBYKQlvNJ+rHMrHRwo9OLwUCYGRG+AAKCRDHMrHRwo9OL934D/92AibUGikLao4XDBcvl6w4VBIPNgmaXGPJcwlMdB0JJCRwIoYoMqfjHbw5xeJI8ASBxRM3dkzr3oEXyFYsrbyGiRxBDQJ/3YBwZqVcIirGAqHUdP4sqxyJfjwMYSN54kKkmv1wOAmC59S28U+LhpTkUf3ZaTrUPq07hgFkrzbp3pSnj1/8fcW8BfByV6nuXFGuRfqND5gC1OvFELLP2DnSerroGMnpxjTN/KRzGhMxSeqg9WMK0rDseLmcZomtkKbmQZlDkdZxBOif9ilDvwQf6HJ3H7vLb9LFtL3XQ1OQeEejHtw1lsOqfBk+Ba8LTTh/HN2Vwd1P2l3TmWZBuurr6j0Cxx7Tp9R/uj1wz//sou /9DkN/YZlk0AYh6xn+oSOqRTPlwhNAVeq1nsw/GRoT/jAuocj8JqgQGQNjbeZxS+x1jMbVDSiwmluNWJdljoY95ufRhBBykVWLjoNVDJa8+ac0GGU7HKkBHjXzTYn4XLf1PNy2i9in2NAUsP69knHTA/rLASiUkfKHrPvK9sZB4EjV0C7EiGkYXD+DbGTH91SVUF/p2JwaM7UGAou/EZzVt6XgQw+Af9ru/coJXpKvnYaBWgLCkRF45AdbspwottaxPuP6JagLG6Erp9c3V6u6ETv2bI7OVnSy8d7Eb/K8t782/V0TIuO5ad4Q+/6myg== '
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Wed, 20 Jul 2022 08:02:11 -0400
- In-reply-to: <2171285.DyMDfk1abI@com>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- References: <165816284178.3197.11555974087175189132@localhost> <2171285.DyMDfk1abI@com>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
Quoting Torsten Grote (2022-07-19 14:54:01)
> On Monday, 18 July 2022 13:47:21 -03 meskio wrote:
> > What do you think of the proposal? How can we improve it?
>
> A slightly unrelated question:
>
> Was there any consideration about deanonymization attacks by giving the user a
> bridge controlled by the attacker? I worry that those get more likely when
> getting bridges via links and QR codes becomes normalized.
>
> Apart from the source IP address of the user and their Tor traffic pattern, is
> there anything else an attacker can learn from operating the bridge?
At least from my side there was not consideration on this topic yet. Thank you
for bringing it, I think is a pretty valid concern and we should do some
planning on it.
I wonder if we should only accept bridge URIs/QR codes when the user clicks on
'add bridges' inside the tor related app. Or will be enough to accept bridge
URIs on any moment but communicate to the user clearly what is happening and ask
them for confirmation. We should never change the bridge configuration silently
from a bridge URI without any user intervention.
I think we should add something about it to the "Recommendations to
implementers" on the proposal.
--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
Attachment:
signature.asc
Description: signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev