torrio888@xxxxxxxxxxx: > Could Chinese censors successfully block most of the snowflakes by > running several machines that would automatically send requests to the > snowflake broker and collect IP addresses of snowflakes? > > They cold randomize the requests to look more natural and they could > spoof their IP addresses like they did when they used active probing to > collect non-obfuscated Tor bridges so that broker operator cannot > identify and block IP addresses of their probing servers. Unless I'm missing something about the threat model, this is basically the same attack that already applies to all the other Tor bridges (with the exception of Meek bridges, which are a very different beast). China can try to enumerate Snowflake bridges via Sybil-attacking the bridge distribution mechanisms in the same way that they can try to enumerate any other non-Meek bridges. The main benefit of Snowflake against this threat model compared to other bridge types is that Snowflake bridges are more likely to be on dynamic IP addresses and are more likely to have intermittent availability. Both of these factors mean that Snowflake bridges have substantially more "churn", which means they resist enumeration attacks substantially better than the other bridge types. (You may recognize this advantage as one that a previous bridge type, Flash Proxy, also had. Snowflake is similar to Flash Proxy in this sense, but doesn't suffer from the UX issues that caused Flash Proxy to be deprecated.) (Full disclosure: I'm not super familiar with the details of Snowflake, so maybe I've made errors in the above. Anyone who's more knowledgeable about Snowflake is encouraged to correct any errors in what I stated, if there are any,) Cheers, -- -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmobile@xxxxxxxxxx Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please don't send me unencrypted messages. My business email jeremy@xxxxxxxxxxx is having technical issues at the moment.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk