Re: [tor-bugs] #8705 [BridgeDB]: bridges.torproject.org Pluggable Transport configuration warnings

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#8705: bridges.torproject.org Pluggable Transport configuration warnings
-------------------------+--------------------------------------------------
 Reporter:  oscardelta   |          Owner:  isis    
     Type:  enhancement  |         Status:  accepted
 Priority:  minor        |      Milestone:          
Component:  BridgeDB     |        Version:          
 Keywords:  webUI        |         Parent:          
   Points:               |   Actualpoints:          
-------------------------+--------------------------------------------------
Changes (by isis):

  * owner:  => isis
  * keywords:  Pluggable Transport, bridges, warnings => webUI
  * status:  new => accepted
 * cc: isis@â (added)
  * priority:  major => minor


Comment:

 Replying to [ticket:8705 oscardelta]:
 > Instructions from !https://bridges.torproject.org/ aren't complete so I
 tried to write better from the Vidalia help and
 !https://blog.torproject.org/blog/different-ways-use-bridge
 >

 We are planning to deprecate Vidalia, and, given that the volume of
 complaints generated about Vidalia's UI, I think it is unwise to model
 future UI developments on Vidalia.

 I have literally had Syrian activists slap me on the wrist for how
 difficult it is for them to configure TBB correctly (for their situation,
 for what I was advising them to try) using Vidalia. That said, I
 completely agree with you that bridges.tpo needs improvements -- I just
 don't think it's a good idea to attempt to improve one broken thing by
 modelling it after another broken thing.

 > (!https://bridges.torproject.org/)
 > "(here I suggest to add the
 !https://bridges.torproject.org/?transport=obfs3 link.
 > It would be convenient to provide and highlight the active links from
 the bottom of the page to here and for all the supported Transports than
 to let the users to feel lucky with "Specify transport by !name:" form. I
 suggest to rename the "Looking for obfsproxy bridges?" to specific obfs2)
 >

 Okay. Agreed.

 > To receive your bridge relay address, please prove you are human
 >
 > Here is the address you asked for:
 >
 > ÂÂ x
 >
 > Another way to find public bridge addresses is to send mail to
 bridges@xxxxxxxxxxxxxx with the line "get bridges" in the body of the
 mail. However, so we can make it harder for an attacker to learn lots of
 bridge addresses, you must send this request from an email address at one
 of the following domains:
 >
 > ÂÂÂ gmail.com
 > ÂÂÂ yahoo.com
 >
 >
 > To use the Bridge address, go to Vidalia's Network settings page, check
 the "My ISP blocks connections to the Tor network" box and add the
 bridges, one at a time, to the list.
 >

 There definitely should be better instructions, although I personallly
 don't like the idea of having a cluttered page full of warnings that must
 be updated constantly as situations change. Also, changing anything to say
 "use Vidalia" now is not such a good idea; these things will need to be
 changed yet again very soon, when https://gitweb.torproject.org/tor-
 launcher.git is ready to be deployed.

 >
 >
 > WARNINGS!
 >
 > Configuring more than one bridge address will make your Tor connection
 more capable of circumvention, in case the Bridge became unreachable, but
 also more recognizable, in case some bridge you are using became
 recognized as Tor-specific relay.
 > Tor Project bundles, by default, handshaking through the Internet with
 all bridges listed in Vidalia's network settings. IT IS SUGGESTED to
 replace all the default bridges from the list to minimize the probability
 of recognition as Tor user BEFORE YOU START to use the Pluggable Transport
 bundles

 I ''believe'' this is not the case, I have not seen nor heard of any
 censors detecting Tor by the number of simultaneous connection
 initiations. Please correct me if I am wrong! :)

 > 1. Go off-line
 > 2. Launch Vidalia (start browser bundle)
 > 3. Stop Tor
 > 4. Configure the Bridges list
 > 5. Restart the Vidalia and Tor (restart browser bundle)
 > or
 > 1. Redact the "torrc" before the first launch.
 >

 Honestly...these instructions do not make much sense to me. I doubt they
 would make much sense to a person trying to figure out configuring using a
 Bridge to connect to the Tor network for the first time.

 >
 > If you are using the Pluggable Transport Bundle for obfuscation rather
 than for circumvention, so you got trusted Bridge, you should disable
 Flash proxy bridges from connecting to your browser by deleting the
 websocket bridge from the Bridges list. Read about default Flash proxy
 configuration here
 !https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
 >

 Hmm, perhaps starting with adding a FlashProxy page, like we have for IPv6
 and obfs2 would be better? No need to confuse people with extra
 information that is irrelevant to them.

 > Even if your connection to the Tor have already leaked you could still
 help the new users to obtain their first Bridge address without them
 contacting the Tor directly.
 >

 I'm not sure that I understand what you're saying here...please explain
 more?

 > FAQ
 >
 > What is Tor bridge?
 >
 > "Bridge relays (or "bridges"
 !https://www.torproject.org/docs/bridges.html.en for short) are the common
 name for the cutting edge Tor entrance relays(entry nodes?) being
 developed and running on the diverse Pluggable Transports servers
 configuration.
 > You could imagine your Pluggable Transport of choice is coursing between
 your client and the Tor network first by the specialized (possibly hidden
 or even private) Bridges, then routed by classic Tor to the Internet, and
 back again.
 >
 > After you choose and configure the connection method(s) with Pluggable
 Transports !https://www.torproject.org/docs/pluggable-transports.html.en
 in your Tor client you should point it to the compatible "bridge". An
 instance created from any of the current !https://cloud.torproject.org/
 images will automatically be a normal bridge, an obfs2 bridge, and an
 obfs3 bridge. (What do you suggest to use and why?)
 >
 > Are bridges significantly more secure than TBB direct relays? Should I
 move to the PTB?
 >
 > Pluggable Transports have their specific advantages and disadvantages.
 >
 > The differences to the "direct relays"(basic Tor entry nodes?) are
 > 1. Users can customize own connection priorities using Pluggable
 Transports.
 > 2. Relay authority can choose to publish bridge address to the Bridge
 Authority (a special Tor Project relay collecting all bridge addresses
 that it receives and providing it to users with interfaces like this
 page), or to distribute it in any other ways.
 > 3. !https://metrics.torproject.org/users.html#bridge-users to
 !https://metrics.torproject.org/users.html#direct-users
 >
 > So Pluggable Transports could provide a significantly stronger
 circumvention and obfuscation abilities but could add to the connection
 latency so the TBB could be faster for a while"
 >

 Hmm...most of that also did not make sense to me. Also, none of it is
 pertinent to what the user is trying to do when they get two bridges from
 bridges.tpo.

 > Please edit, move, just don't throw away all this as I have invested
 time in this to help the project as much as I can.

 Thanks for writing all this. In general, any UI improvements for Tor
 Project things are most welcome, as we're not exactly known for having
 amazing UI.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8705#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs