[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
From: Andreas Krey <a.krey@xxxxxx>
Date: Wed, 3 Oct 2018 12:23:27 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 03 Oct 2018 06:23:40 -0400
In-reply-to: <_cA_gm2Op17mqM5HIP_wiWecp_gqWhDWtpMBuM-xBtFeKW0rQxM06eWhFP_K7htuteSDiwBU7Imy-cEBeeouKsAuV-ngpRl0Meq6Uc8X5IQ=@protonmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <_cA_gm2Op17mqM5HIP_wiWecp_gqWhDWtpMBuM-xBtFeKW0rQxM06eWhFP_K7htuteSDiwBU7Imy-cEBeeouKsAuV-ngpRl0Meq6Uc8X5IQ=@protonmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.2.1i

On Wed, 03 Oct 2018 08:41:29 +0000, ithor wrote:
...
> So would there be a way to (pen-?)test a private obfs4 bridge as being non blacklisted and actually usable without really trying to connect to it and alarming my ISP and DPI the like ?

Obviously not. To test that you need to try to connect to it and
consequently risk running into a block.

For the paranoid: The firewall operator might just as well just log who
is using known brigde (incl. obfs4) addresses but letting the connections
pass to just see who is using tor.

> This seems like an overlooked security and privacy issue with a lot of possible consequences.

It's not as much overlooked but almost impossible to avoid. The only
is/was domain fronting on a cloud provider and might be encrypted SNI 
once that itself is widely deployed - only then do you look the same
as regular internet users.

On the other hand, the question is whether using tor itself is outlawed or raising suspicion in your country.

> Same thing for the entry-nodes. How can I know for sure the randomly selected one isn't rune by some gvt trol ?

By knowing and trusting the operator. That's the reason tor stopped
swapping entry nodes around - the fewer you use the lower the risk.

Also, geographic selection: Depending on the country of the relay,
trolls are unlikely to report to your gvt.

- Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
  - From: ithor

References:
- [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
  - From: ithor

Prev by Author: Re: [tor-talk] privacy concerns with new CAPTCHA-method for obfs4 bridges
Next by Author: Re: [tor-talk] privacy concerns with new CAPTCHA-method for obfs4 bridges
Previous by thread: Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
Next by thread: Re: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?
Index(es):
- Author
- Thread