
Re: [tor-talk] privacy concerns with new CAPTCHA-method for obfs4 bridges



OK, so for once I'll keep my fingers crossed for Microsoft...

How should I imagine the connection up to the Azure server? What does it tell the DPI? Just that I'm connecting to a close-to-my-country-based Microsoft CDN?

On the wiki page it's stated that:

The technique works by using different domain names at different layers of communication. The domain name of an innocuous site is used to initialize the connection. This domain name is exposed to the censor in clear-text as part of the DNS request and the TLS Server Name Indication.

So a meek request is sent in clear-text. What exact information is given? The exact IP address of the Azure server, its geolocation? Could the DPI find out that this is being used for bootstrapping Tor?



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, October 3, 2018 12:06 PM, Jonathan Marquardt <mail@xxxxxxxxxxxx> wrote:

> On Wed, Oct 03, 2018 at 08:38:52AM +0000, ithor wrote:
>
> > Ever since TBB 8, there's the new moat way to obtain private obfs4 bridges
> > through a CAPTCHA. In the following webpage it's stated meek is used in
> > order to communicate with the Tor bridges database. Now, my question is:
> > which ones? In my country, domain fronting for Amazon and Google is
> > unavailable, so the only meek_bridge still working is the meek_azure one,
> > which isn't going to last.
>
> It's not just your country. The meek bridge instances in the Google and Amazon
> CDNs were shut down by the corresponding companies. They did so supposedly
> because it violated their terms of use. They probably don't want to ruin their
> relationships with totalitarian regimes. Unless all of a sudden Microsoft
> decides that they want these good relationships as well and shuts meek-azure
> down, I see no reason to believe that it's not going to last. Meek should be
> relatively hard to censor using a firewall.
>
> > So what will happen when it shuts down? What alternative solutions will TBB
> > come up with?
>
> There's still the good old bridges.torproject.org website as an alternative as
> well as GetTor: https://gettor.torproject.org/
>
> > Second question: how is the information concerning the private obfs4 bridge
> > protected during the inquiry?
>
> Meek works by tunneling your data via TLS encryption from the CDN, in this
> case Microsoft Azure. No adversary tapping your internet connection should be
> able to retrieve the data.
>
> ------------------------------------------------------------------------
>
> OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
> https://www.parckwart.de/pgp_key


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk