[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
From: "Nathaniel Suchy (Lunorian)" <me@xxxxxxxxxxx>
Date: Mon, 30 Apr 2018 04:21:00 +0000
Arc-authentication-results: i=1; auth=pass smtp.auth=me@xxxxxxxxxxx smtp.mailfrom=me@xxxxxxxxxxx
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1525062075; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=G/zeAgF/a50kUR/p5rZfZ0/tkpOYVs5K0387LUjgJBA=; b=EmBYEX7iLcC50JcYxGKRMkhFLFIdx8xMxQzOv6yb6CVCC25clw42xTf2JXUjQihqXfcreA ec94kIrBj2t5bWL7Kx6RBIkJZquYmGVLkNSg6DMGWdhrOJBz0jDt5ENz7EGeSmQi45fKXg NUm1BEz4wsp9mI0QEY9RBFEFTLDdyfPzUBzeDwyOboT1tkaO0HBJ0RVF9Q0p3MXWpN+Enj s1Pk5jjrfFvcDapk3ALyVy+jCDow//C6V6L0MTZdZDhDnlqv4uurzOJZjBh/kp/IQxWkte HJ8y94m8eCIA+m6K2kxNu5We7KkH2fx/gGnKKBURNZQOTHi6X1uz9Tg4LdcTmg==
Arc-seal: i=1; s=dkim; d=lunorian.is; t=1525062075; a=rsa-sha256; cv=none; b=yAID+u/vMpUtdRKze1r/SmY7wzr1oZ3tG6D01TVYf2Qs38Ml/9h2aWOjAWWfl6/roBL/p7WKVhupD3BYc6F+r3D1qW5g8aK+EBKPskzxE9ZUogy6zrm53QUL+7f2CvXGtSM1XcGpdDU8ICCddJtDJgAmSqx8pCRdmrLi7kI8WpCaJy1zaEv82halRQdx47p75YxMQe/qWBvKnOB+NnlDmL5Qx/OuUuaRX2B5g5DGYl1fcHJqeLDLD7yfWdRw/AYZBTjEubDmi4irk4yqwsODInxH2I7phyTP0osW9HWw+uXrkqOpVYNoUhrkLhiLqKM03MT5O1uw0mGU++92CRG4HQ==
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Apr 2018 00:21:35 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=dkim; t=1525062075; h=from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post; bh=G/zeAgF/a50kUR/p5rZfZ0/tkpOYVs5K0387LUjgJBA=; b=W/W1Z9TOr2VO7+PZfb1aXF5mJ91GbBwIH/ZyPDxO4XSzqWc1L3i9aO6obNRrA9ziHuf1AP BKR6p7S+2pWuwCB3WoGm5DpwBrIkFEibeedvsaP+gC+tDzAWel4yiF95OUNtbeVGyNeso0 ZPgQy40T6OPIz1dt6ZkN8WabNZZBTYgSDKy8o5Ct7YCx4+qGcnB9dpE8DegJJs76ZekTLy fn3bnewuIC/g1LQCQcl1QiqRH3vxdsZ/n74fHRZuUFxX9h1mPJkK3vTPYqbgw7+E5uLsJV pBzRDPFb8xZipR+f5v+qXrYts6Of3XSFMgD8BckgwsOsR+JHS2aeCYWg9i+rNQ==
In-reply-to: <42B3CD3B-0960-4CB8-B29C-B7CB15491603@yahoo.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <7f58c879-bddc-1e33-e86b-4edde85bbeef@lunorian.is> <20180429183610.s62ipgzr4ug5s2ie@localhost> <8e873206-82b5-310c-2367-a7f474faadc5@lunorian.is> <42B3CD3B-0960-4CB8-B29C-B7CB15491603@yahoo.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

So the concerns I brought up are already addressed in an upcoming update?

Cheers,
Nathaniel

Jacki M:
> Torbrowser 8a3 added moat which I’m actually fetches new bridges, without requiring you to go to bridges.torproject.org.
> 
> Bug 23136: Moat integration (fetch bridges for the user)
> Download the latest alpha https://dist.torproject.org/torbrowser/8.0a6/
> Remember this is an alpha and should only be used for testing purposes, moat should be included in the next major stable.
> Sent from my iPad
> 
>> On Apr 29, 2018, at 12:41 PM, Nathaniel Suchy (Lunorian) <me@xxxxxxxxxxx> wrote:
>>
>> Thank you for clarifying that. The obfs4 bridges you can get at
>> bridges.torproject.org also pose an interesting risk, the ports each
>> Bridge IP Address is using seem to be non-standard, I'm in the US and
>> most networks I am at do not censor although sometimes certain ports at
>> public wifi networks are blocked, could a threat actor threatening you
>> or tor users in general realize an IP Address was a Tor Bridge by
>> identifying a large amount of traffic to a non-standard port on random
>> datacenter IP Addresses?
>>
>> You can tell Tor Browser your Firewall only allows connections to
>> certain ports which I assume when used with bridges would help further
>> hide the fact you are using Tor.
>>
>> The fact I email here obviously shows I am a Tor user, although I'd like
>> more technical measures built into Tor Browser to obfuscate the times I
>> am using Tor.
>>
>> Cheers,
>> Nathaniel Suchy
>>
>>>> On 4/29/18 2:36 PM, Matthew Finkel wrote:
>>>> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote:
>>>> I see that Tor Browser, for users who are censored in their country,
>>>> work, or school (or have some other reason to use bridges) has a variety
>>>> of built in bridges. Once of those are the OBFS4 bridges. My first
>>>> thought would be these are hard coded, of course giving everyone the
>>>> same set of bridges is bad right?
>>>
>>> Currently this is how it works, yes. It is not ideal, and there is
>>> on-going development work for rolling out a more scalable method.
>>>
>>>> Then a bad actor could download Tor
>>>> Browser, get the list, and null route the IPs on their network(s). Also
>>>> these bridges could get quite crowded. Are the bridges being used to
>>>> fetch other bridges, or something else? How does Tor Browser handle
>>>> these risks / technical issues?
>>>
>>> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser.
>>> It is also true many of those default bridges are overloaded.
>>
>> -- 
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Jacki M
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Matthew Finkel

References:
- [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Nathaniel Suchy (Lunorian)
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Matthew Finkel
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Nathaniel Suchy (Lunorian)
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Jacki M

Prev by Author: [tor-talk] How do the OBFS4 "built-in" Bridges work?
Next by Author: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
Previous by thread: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
Next by thread: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
Index(es):
- Author
- Thread