[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] privacy concerns with new CAPTCHA-method for obfs4 bridges

On Wed, Oct 03, 2018 at 08:38:52AM +0000, ithor wrote:
> ever since TBB 8, there's the new moat way to obtain private obfs4 bridges 
> through a CAPTCHA. In the following webpage it's stated meek is used in 
> order to communicate with the Tor bridges database. Now, my question is : 
> which ones ? In my country, domain fronting for Amazon and Google are 
> unavailable, so the only meek_bridge still working is the meek_azure one, 
> which isn't going to last.

It's not just your country. The meek bridge instances in the Google and Amazon 
CDNs were shut down by the the corresponding companies. They did so supposedly 
because it voilated their terms of use. They probably don't want to ruin their 
relationships with totalitarian regimes. Unless all of the sudden Microsoft 
decides that they want these good relationships as well and shut meek-azure 
down, I see no reason to believe that it's not going to last. Meek should be 
relatively hard to censor using a firewall.

> So what will happen when it will shut down ? What alternative solutions TBB 
> will come up with? 

There's still the good old bridges.torproject.org website as an alternative as 
well as GetTor: https://gettor.torproject.org/

> Second question : how is the information concerning the private obfs4 bridge 
> protected during the inquiry ?

Meek works by tunneling your data via TLS encryption from the CDN, in this 
case Microsoft Azure. No adversary tapping your internet connection should be 
able to retrieve the data.
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3

Attachment: signature.asc
Description: PGP signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to