[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
- From: "Nathaniel Suchy (Lunorian)" <me@xxxxxxxxxxx>
- Date: Sun, 29 Apr 2018 15:41:47 -0400
- Arc-authentication-results: i=1; auth=pass smtp.auth=me@xxxxxxxxxxx smtp.mailfrom=me@xxxxxxxxxxx
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1525030917; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=cNFh7mrC89glUgwppYHrhsB+zQIAsAPRZhi0FZPWShg=; b=0JZtHyPhv4xXbMwOyWp4xFWieDoolElBWcqi3+zFOzNIeeCT4MVssOl649dcomdgeXnInz 5e7zO+ZGVebT32l6ypfibGfnzO/4Gx4Bwbwed3zA2+9hS7kgKeaW+zDEC9L6sO9GsVMpyf i2t3olQNKVCGWHWhwL2VRGtSeC+cYKfN2xOQjNLI0mRyocZV0iarhMHhsTAKd1EL47g+4F lfYesMrKIQbta9SHnwU9uE1oaxWaVS0VbF/xQlSo3Vuqr3vAqI4PKopGMCBwzov+OPk5no gsmgxUyvV/hGnpfI1ExLp7tk0qhEPFL9qPNWMVQF4iVYkiwMteFs7kLmKKdT2A==
- Arc-seal: i=1; s=dkim; d=lunorian.is; t=1525030917; a=rsa-sha256; cv=none; b=LntY/0kocCV7o9ILixSgpAuntPBE1Q0KDmW7hcO+tKSROuFMcEiIotBj7rBVrLAa19yBqPsVK+Tfz4rajGR51g0n8LINvGmK6tvPcpQ0+HONPULwbD3b9a58FZkOLKRKfME8xXBZjgeh0J3sCqQIoiJChmC5okkOEQswNf8niVw3sz0/BtqOfd86w9AuKPwWVarfxXmJdMocG+Pk3biFWK+H+8yIHsadwbiJyYKGBJ9RtfGMEiDqZV37MWzZayukPhff3mna0KTxwB6UQe1VBJwI8xcHmcETyoxjaPDCpYyp7ZIQuD//vU152ALrx3E4utna5k93iicrvcl+X/dmzg==
- Autocrypt: addr=me@xxxxxxxxxxx; keydata= xsFNBFqE2wkBEAC/GxQ6HUGzogvdh6ofRRHcC0a248dLnGM/DyqotoHuQlIdpKJWsVMt5GLA rfg03HipWRk0C8ClPM5PJoUonlm//cmX1tKEraoqiEA1eDYK2BqGXJmhMosn42FpGg6h2BXD pOBcMCFPotAxp8ZeKIw8mwXpC/tJ9lbiU2t5wSJoJFrX1ZVwOAdaANS7FX23OVm1b3KaAR4Z 7qo6JGcxwrGwkk2hYEg5Uam2+0EIEWwh046wlimO54nZUkvq51/5UkuR/eog9hfwhqOomjDT JSn45443lsxChDPCzwUTXpInRWQlSKFQQCe+1TuOqOuIXoDcdYSSUgCxmUmw8Acy4zcRDLrV s+EeI/8tLkPVb2duXLzUIPX/I4/tcxTYF7tGG5z4g1kgDKMQntcWv4UYAEVgaMOD6UQc/EWX ugVrShWInQ3zswvVsH3DkLmYG8QX4w4YLTpb13ICT23b30Q6g0KRER1n3OovhmJihby2tGlM xgNUqE+JHw6VtJdpEYJCVCX8HUuQilrCWzIaeGC6wvJpy3DukVB1PRiLDYODGF1TZTarryAn uznDqi1JTpbF2h2YoRThj2cOa1+FItVcSfrVosdvlO7Ttj3dC5i7TTfrCBk8DxW2k72rqtcC tz2CuGmRBpmdlXUGFdRLck+qc2d78sGRWLR/aQ1nJGu06MTZ8wARAQABzSBOYXRoYW5pZWwg U3VjaHkgPG1lQGx1bm9yaWFuLmlzPsLBlAQTAQgAPhYhBEdTkX7+BHbOmAoeivM+9dFMIjmS BQJahNsJAhsDBQkHhh+ABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEPM+9dFMIjmSL24P /0j7tkc38Sy0417REtnyXekD89tHStMYfU5hBYkKQC6X3iaG91FQ/P7rdWvdZx5XrZBDAuJ6 MyrbprPfygqhwMsxg7VIRhLf2SCnpAqGKjlYdSyOPBlnBpEGjCPUw6i2EJZuIwIzVboGbvCU R8KNgWtil1wRAJURD8cHWwpciH1zfWfuIZdErN9xXR6IeZjxop2BqgzmgFJMLsZT8NVIJbzw YOeqAcA926gAGVZRMkYLFSSQ6R1+xmLJekDgFQYDB+oCdV7CqkDZz2ExSNVT1AdcM4BFRxuc CbqZluk58BiCqXEkUUVhXeoo3qCkRpP/vxoHj6ScD66VbbUF6WbPBymoP7Z8muEFBXxP2EdU DlQ0tNv8tsVineFOAKFXmnq1sRN8y5q6CsiOEzYGE1zyt3GcaI+8icU61WyPFSPnbP1wwkv4 6MSmx6HGc2d6qQWjIVfcXaI/QH7d4G9nx/4NvhtM6af96PsVfW5lZQ2i5CB6hKEijMMsB4sL BfvUpRDuBYREFOsNhASd9OFEdNalvnbOeWJqcTvh2F18WJFkaaNT0R74zS2HjCVlOtJ8CbvJ 5M/3oVb1gGXX+l1kQiUdMC493BrcJqMOWnRQ4Kv8bzEERhFYzOA3eSNjQjeHbPFhBR9kQd32 zMoWoUlMTQs7DwpRfBAwahcIllA2sjcvJBD7zsFNBFqE2wkBEAD0vhAUYWoAsyfOWO2ouFU9 n7CjDtLmDoFKiV4JnLvurgHa2dZa8+Wo6F68IVCmWmaQhoBBr55ucjUogCVFlDiL4EnA3B/2 KyU502kfu0pSfDUI7hYYlc1D0RS8N6otEjNAv+0cpUHfMHzP1dUQ4voXCmbI4T/S6cXI5oTz 2NW1jL+MNgkndsq9w/+DNWvCdNoGGSwCFSSp7mEMZiYtrlP9uBZIAHlYfuj2SB1aVUBhNIr2 /ELvR1ozZSmYoucODWleQPPNxOQXpTBBssBCx1wAfGywU0VvTgfu/fbYmaRI6/IyXMUqeoZH nVqujfXByNwsKGTA0FlOxtlv9e2H8I8FXRgcJ/07yjjzLMIbrnQ77QIwI3igUcTo9kOOzXcb X6w7EznxDr9GsTwf6VmntUungmYcH6lLua8oBnums9ZV6PS7ajBbYyqndWJD8IpTpwloyVym b5tJfkWmfX21GPnIecg2cBOgpv3i12fX1My9fnigFikwr28fYjdPkHh9eg8YXROAgc45+Hrd f0eo0Bhhp0yIHdBzanwmBsK5qFieB/WEcydtMzdszRStIEY4E9OUIlz/v8E94sM2NeKwhcyQ F1IHmdb51pnjZWjHQs9tFnDWguYYQq5P+ntqKIjC8bSEnew6llra97ZFqrwusX4mlMbG5Zbs ZrgJEZ7sbsDumwARAQABwsF8BBgBCAAmFiEER1ORfv4Eds6YCh6K8z710UwiOZIFAlqE2wkC GwwFCQeGH4AACgkQ8z710UwiOZLCBRAApqtfcSPM74tTyQITmXUhxxXeundNDb+KVpeY5CsM tnykpor/wU7h8i86346T2gvmB0UZ7LuR3t1Kilx8dhIdPBVBfOYmnlTipnHHKIvRIe0rAVmH +StJaU0Ll4goG3k5B/AiSztClw4UoEMYUAL/5ONu9W80oyr9+lFPIL8o1sVHQwkOxHx+lIiC FsGH8K9FDIyUFjrPGFAExlUN8oou/RblBRqyhUG3OzSKhr/SGzgVNZivCmrf47WhlbMJd3ZS XWuqlUoYD67oGPZISCAEzjhtOBNInaG1bxTmGT4aPC+wpU39DgIVNhfORP0K8OkACTQ7WUFD 6fz+3ww1zeajebO4Fo0qX5p8qj89pQpav2e6YgsyLARFOVw3Y//wJxKo3QMdUrllcj+YWrII uBsLDMowsjVaxAPfrdV2OurI7swyNZwZFv1Olqzi5DWqLgQt5RdsW2R80RxK5eHG+FBbgfcQ hSx/zl0IGeyd4RA1WBNiedXKPiEFdWe2mz3LZi2rbpQ2KQ8qB7Sf5wddAeJA99XAG8rVoRCS DV4OjYi2H6lgZavYOjEtkHaJgOlrB3LxEUABSWl93WqKjco9t+GyLU3sh0jEhBRNqPUm49x7 miuumoH8Tj6MogkJwNy6Dw+IuD5i5Bi5vrq7o16/aCi5J4AVdnkinPum40NFR7qgnU4=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sun, 29 Apr 2018 15:42:20 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1525030917; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=cNFh7mrC89glUgwppYHrhsB+zQIAsAPRZhi0FZPWShg=; b=tm5KX/2qOhI5A4ddFCa6Q2hECNG9d+b9qOx+2Ek6KKrnRlEWqqOPhHnShzG3y0+rREwull DtfOx2kadGPwrkrmFuhZ/8i5VFhTPBLRRf5kbKjOH8wwy0cerOcUyQhZVpdFVPAM2a29CT yzyucI1C818/EnjrPMfTu272RfNFcNGU6m6n1qqhUWzpbER5uC0loXTzALwtyNXxkbzwXr 6WQmbS+vsxay4OzLR4huZHkkWV+DmhNdXOUEbZasejoHOf9Wy0XfSv/qtIzjonTItXVJ2u Rb8NWyOox+EvTA/KtGJXmA/9jNDYUCOFEUYjeOWpogxnkCfkBDuXqOr7EaExyA==
- In-reply-to: <20180429183610.s62ipgzr4ug5s2ie@localhost>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- References: <7f58c879-bddc-1e33-e86b-4edde85bbeef@lunorian.is> <20180429183610.s62ipgzr4ug5s2ie@localhost>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
Thank you for clarifying that. The obfs4 bridges you can get at
bridges.torproject.org also pose an interesting risk, the ports each
Bridge IP Address is using seem to be non-standard, I'm in the US and
most networks I am at do not censor although sometimes certain ports at
public wifi networks are blocked, could a threat actor threatening you
or tor users in general realize an IP Address was a Tor Bridge by
identifying a large amount of traffic to a non-standard port on random
datacenter IP Addresses?
You can tell Tor Browser your Firewall only allows connections to
certain ports which I assume when used with bridges would help further
hide the fact you are using Tor.
The fact I email here obviously shows I am a Tor user, although I'd like
more technical measures built into Tor Browser to obfuscate the times I
am using Tor.
Cheers,
Nathaniel Suchy
On 4/29/18 2:36 PM, Matthew Finkel wrote:
> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote:
>> I see that Tor Browser, for users who are censored in their country,
>> work, or school (or have some other reason to use bridges) has a variety
>> of built in bridges. Once of those are the OBFS4 bridges. My first
>> thought would be these are hard coded, of course giving everyone the
>> same set of bridges is bad right?
>
> Currently this is how it works, yes. It is not ideal, and there is
> on-going development work for rolling out a more scalable method.
>
>> Then a bad actor could download Tor
>> Browser, get the list, and null route the IPs on their network(s). Also
>> these bridges could get quite crowded. Are the bridges being used to
>> fetch other bridges, or something else? How does Tor Browser handle
>> these risks / technical issues?
>
> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser.
> It is also true many of those default bridges are overloaded.
>
Attachment:
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk