[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] how bridges work

On Mon, May 07, 2012 at 04:01:13PM -0400, Tim Wilde wrote:
> > Thanks for the reassurance about the process. While I accept the 
> > free-speech basis of Tor (that "bad" as well as "good" guys can use
> > it) and the assumption that the network is overall doing more good
> > than bad, I've been concerned at the high usage that my bridge
> > seems to be getting from Syria (& China) when, as you say, at least
> > for Syria it's not necessary to hop all the way to the US to reach
> > an entry node. Maybe I worry too much, since it's neither here nor
> > there to digital comms how geographically far away an entry node is
> > from a client machine.
> The average bridge user likely has no idea where their bridges are
> geographically located; they simply request bridges from BridgeDB via
> one of the available mechanisms, or get them from trusted contacts,
> and use them, without worrying about where they are.  So it's not at
> all surprising for a bridge in the US to see traffic from all over the
> world.


Also, using a bridge even when you don't need one can
be a smart idea for improved security. Point 'e' on
https://www.torproject.org/download/download#warning says

|Tor tries to prevent attackers from learning what destination websites
|you connect to. However, by default, it does not prevent somebody
|watching your Internet traffic from learning that you're using Tor. If
|this matters to you, you can reduce this risk by configuring Tor to
|use a Tor bridge relay rather than connecting directly to the public
|Tor network. Ultimately the best protection is a social approach: the
|more Tor users there are near you and the more diverse their interests,
|the less dangerous it will be that you are one of them. Convince other
|people to use Tor, too!

So in certain places where the user considers simply using Tor could be
risky, using a bridge can be smarter.

Of course, if you're in this situation, you should also consider where
your bridge came from -- if your attacker signs up hundreds of bridges
in hopes you'll pick his, and you just choose a random bridge from the
set we give out, then an attacker who otherwise wouldn't be able to see
your traffic could get to see when you're using the Tor network (even
if the layers of encryption mean he still can't read what you say or
what destinations you ask for).


tor-talk mailing list