[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21951 [User Experience]: Tor Launcher improvements and automation



#21951: Tor Launcher improvements and automation
-----------------------------+-----------------------
 Reporter:  linda            |          Owner:  linda
     Type:  project          |         Status:  new
 Priority:  Medium           |      Milestone:
Component:  User Experience  |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:                   |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+-----------------------

Comment (by iry):

 Hi Linda! Thank you so much for opening this ticket!

 I will be working on the anon-connection-wizard, which is a python clone
 of the Tor Launcher. I do find your solid research useful and inspiring.
 The following is some of my thoughts related to your paper and proposal.

 1) You mentioned two different implementation of the Tor Launcher: "One
 way would be to try a bunch of relays/bridges in a specific order, and
 stop when one is reachable. Another way would be to try all the
 relays/bridges at the same time, and return one that works to the user. "
 Since this behavior may be different from the behavior of users who
 connect to the Tor network without the help of Tor Launcher, we need to be
 careful about the risk that an adversary on the user's ISP side to
 distinguish different Tor users behaviors.

 2) Currently, [BridgeDB](https://bridges.torproject.org/options) use a
 challenge-response test to prevent adversaries from enumerating all the
 existing unlisted bridges. I am not sure if the automation of Tor launcher
 will let adversaries take the advantages of it as well. (I assume by
 saying "all", you mean the built-in bridges options that are already
 available in Tor launcher.)

 3) I find neither the current design of the Tor Launcher or the suggested
 revised design of the Tor Launcher take much care about the use case where
 Tor users use third-party censorship circumvention tools to bypass the Tor
 censorship. However, those third-party censorship circumvention tools are
 actually widely used in heavily censored area where Tor bridges and
 puggable-transports are not effective. For example, when user use a VPN or
 a Lantern to help Tot connect to the network, the current instruction may
 not be clear enough to guide them configure the Tor.

 Could you, or anyone else please share your insights or opinions on the
 problems I mentioned? I am more than happy to have a further discussion on
 these topic.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21951#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs