[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] MITM attack on TLS



>
> > SSH is probably more dangerous than OBFS4 because it coulee be detected
> with a DPI fingerprint.  They might question that.  I think Tor with
> transports is good.
>
> On that paranioa level OBFS4 is as dangerous as SSH - it doesn't matter
> if they see traffic they can fingerprint as ssh or they see traffic they
> cannot fingerprint. They get suspicious in both cases.
>
>
Personally, I would think SSH is much safer.  It is used by IT people all
the time for server management, so they will understand it.  The
destination address will be a cloud server, which you can simply say you
are using for a personal project.  OBFS4 on the other hand is not normally
used by IT people--it is used to get around IT people.  They will
immediately be very suspicious if they are able to figure out the
protocol.  And the destination IP address is who-knows-what, which could by
itself raise questions and might even lead them to think a computer on
their network could be infected with a virus that needs immediate
investigation.  In the end, a protocol they know and understand and use in
their own work will be much less threatening to them than something they
don't.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk