
Re: [tor-project] Many obfs4 bridges with similar nicknames and characteristics



On Mon, Nov 28, 2016 at 07:23:16PM -0800, David Fifield wrote:
> There are many bridges in Onionoo that seem to follow a common naming
> convention: two dictionary words concatenated, then truncated to 16
> characters. That, plus the fact that many of them run on the same
> platform, run only the obfs4 transport, and have related last_restarted
> times, makes me think they are somehow related and perhaps malicious. In
> a sample of 200 Onionoo bridges, 19% followed the convention. I noticed
> this by accident and I'm not planning to look into it more, so I'm
> dropping notes here.

I managed to get one of these bridges (nickname "thirsterworthwhi",
hashed_fingerprint 6FA21996A631A9E51A53E4867E887F95BDD1145D) from
BridgeDB. It is running in AS 14061, "DIGITALOCEAN-ASN - Digital Ocean,
Inc., US".
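
The naming convention described in the quoted message can be checked mechanically. The following is an added example, not part of the original e-mails or of any Tor Project tooling: it tests whether a nickname equals two dictionary words concatenated and cut to 16 characters, and combines that with the obfs4-only signal. The word list and sample records are constructed, the fingerprints are placeholders, and the record keys are assumed to follow Onionoo's bridge details fields (`nickname`, `transports`, `hashed_fingerprint`).

```python
MAX_NICK = 16  # truncation length stated in the post

# Constructed mini word list; in practice load a full dictionary file.
WORDS = {"thirster", "worthwhile", "garden", "window", "bridge", "unnamed", "relay"}


def split_two_words(nick, words=WORDS, max_len=MAX_NICK):
    """Return (w1, w2) if nick == (w1 + w2)[:max_len] for dictionary words, else None.

    Only the second word may be truncated; a first word of max_len or more
    characters is not handled here.
    """
    nick = nick.lower()
    for i in range(1, len(nick)):
        head, tail = nick[:i], nick[i:]
        if head not in words:
            continue
        for w in sorted(words):  # sorted for deterministic results
            if w == tail:
                return head, w
            # A cut-off second word is only plausible when the nickname
            # is exactly at the length limit.
            if len(nick) == max_len and w.startswith(tail):
                return head, w
    return None


def flag_bridges(bridges, words=WORDS):
    """Return hashed fingerprints of bridges that run only obfs4 AND match the naming pattern."""
    flagged = []
    for b in bridges:
        only_obfs4 = b.get("transports") == ["obfs4"]
        if only_obfs4 and split_two_words(b.get("nickname", ""), words):
            flagged.append(b["hashed_fingerprint"])
    return flagged


# Constructed sample records (placeholder fingerprints, not real bridges).
SAMPLE = [
    {"nickname": "thirsterworthwhi", "transports": ["obfs4"], "hashed_fingerprint": "PLACEHOLDER_FP_1"},
    {"nickname": "gardenwindow", "transports": ["obfs3", "obfs4"], "hashed_fingerprint": "PLACEHOLDER_FP_2"},
    {"nickname": "Unnamed", "transports": ["obfs4"], "hashed_fingerprint": "PLACEHOLDER_FP_3"},
]

if __name__ == "__main__":
    print(flag_bridges(SAMPLE))
```

With a full dictionary the nickname test alone will produce false positives, so it is best treated as one signal to correlate with platform and last_restarted clustering.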