[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] bridge:// URI and QR codes

To: tor-dev@xxxxxxxxxxxxxxxxxxxx, Nathan Freitas <nathan@xxxxxxxxxxx>
Subject: Re: [tor-dev] bridge:// URI and QR codes
From: Michael Rogers <michael@xxxxxxxxxxxxxxxx>
Date: Tue, 2 Aug 2022 12:23:30 +0100
Autocrypt: addr=michael@xxxxxxxxxxxxxxxx; keydata= xsBNBE+DF5gBCADGR+FvMLv2vtjznaZbfqRVLNnxfFzXwO8LPu8MdwDMYFEubTx9pCz5Z/jI +BEI+rkhbJbJYRw13rj7zEJWN2+QUb4YtaHCcR1ClA5pcZUurPqbMsFlIruEufydoCcEiTUN FtP/8MrYy70BqDzIgLzpS9tk7CwY2CELm8z0aLIa4th6rjUTIZb+2DbIrVUIwLbub/W014aJ hH942bGO/pbMz8QCdLjtT0YKTiLTDvU0gPA50YxBZHWKqHjJS+35cJUvVxILgSiqqeAkHPks 0IerMGTXBt5QaPamBEo9cGNr0hnRizwvRBPMcG2YDl5CJazUWwCe3FNRUzFfbMq9l3+PABEB AAHNKU1pY2hhZWwgUm9nZXJzIDxtaWNoYWVsQGJyaWFycHJvamVjdC5vcmc+wsCVBBMBCAA/ AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBOZPGeu76GqpevNv1REET9GfxSfMBQJf fYhwBQkTvNfYAAoJEBEET9GfxSfMX1IH/j0WYB1kved7P5JR/sh8aFWcBRCh7YBU4kFACDPa scM6OaBrKac94V8hmkUx0q9ZC78QWxZDJp70H6rQt332A9lN5mC2W2itPfLLWLN2A+y/g4UG 9pkW/NY9bZVCv1TvDfMxeGYti+Hy9maOmtzh4gxI3NVFrMMEwF5k3oiXpmXg8V1Anm+O2fMG PVLE2uHZnd+FMXu2PW55VKduCuXYUWE+VxHISckQhHufppCsr+duN/eVlLBFDsaceJeG1Zsb UoK6j94tHScIu/WWpHtMmwP48dUiLQqf36hZn1FLeH4ly16Jn1vA3eOO5vbMzT5vjpTwcOgN sy6QXGSUP2RLA2bOwE0ET4MXmAEIANUnWr24a4J48TzCrJsky2NfEBvH6W4N4gessI9PgTwf Yn6/5f/viJGMGgyVnclWlpA9VHTmczjtXKPQpGE+5y/pMfRL0DZxI+ICdbIwihg4JxiMvwus 9Fh2h4t3xvWbuf8pTKL6k6Q3+nElQfnreC+zjGX5qDKE1eRXHEN/bCKlmauvznWpJRkmij80 V+4hbXcxTQfKyVBojl9niRJXeOBT5Al5KJJyAdEa2ENEgVc3OGLxMbwoWL9JdXEYAPllg1VX vpPNiNc66cKc+xeOPexXw2qCqEI+kaUO0jlt7T0WMEqo/M0FXMkVe49hS/fS4vJLsTMpnTz3 O+f+k3/ENa0AEQEAAcLAfAQYAQgAJgIbDBYhBOZPGeu76GqpevNv1REET9GfxSfMBQJffYh6 BQkTvNfiAAoJEBEET9GfxSfMhI4IAIbQvyiEog97IcGGL3uOf4m/WMytw2ezNW9itVxTXz1A 5zQt7n1XOsUTOYdSPweBbaj16UY+VyMYi9ZM5UetIhJUnS4vb9abD041neySDrLGXHccDAEs p8cTD7hGIFWSDbZSHJn/F6/iyAflHr9zNda6UHBlRXQ1i71CBLU/G2qDdq5OS10CeOVUKEjE SzlPP6Gy0x/Q+Ja21ZLPgdLt10GlQsBMGVQoWzDmlix8XWgbVS2/aej9ws9K+s44jyrClUha VEfy295I98Y8GInbj4pSHrZQI2b6uJcKfUyPMAxds+8b3b+E0OzHzHexBWU8I3DB1MK5KYGp h7HU+sYgJjw=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 02 Aug 2022 07:23:48 -0400
In-reply-to: <178a7656-f5a6-4ca2-ab03-aaa6cd6e3966@www.fastmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <165816284178.3197.11555974087175189132@localhost> <2171285.DyMDfk1abI@com> <165831850633.4475.7557438809114375670@localhost> <178a7656-f5a6-4ca2-ab03-aaa6cd6e3966@www.fastmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0



On 20/07/2022 18:15, Nathan Freitas wrote:



On Wed, Jul 20, 2022, at 8:01 AM, meskio wrote:

Quoting Torsten Grote (2022-07-19 14:54:01)

On Monday, 18 July 2022 13:47:21 -03 meskio wrote:

What do you think of the proposal? How can we improve it?


A slightly unrelated question:

Was there any consideration about deanonymization attacks by giving the user a
bridge controlled by the attacker? I worry that those get more likely when
getting bridges via links and QR codes becomes normalized.

Apart from the source IP address of the user and their Tor traffic pattern, is
there anything else an attacker can learn from operating the bridge?


At least from my side there was not consideration on this topic yet. Thank you
for bringing it, I think is a pretty valid concern and we should do some
planning on it.

I wonder if we should only accept bridge URIs/QR codes when the user
clicks on
'add bridges' inside the tor related app. Or will be enough to accept
bridge
URIs on any moment but communicate to the user clearly what is
happening and ask
them for confirmation. We should never change the bridge configuration
silently
from a bridge URI without any user intervention.

I think we should add something about it to the "Recommendations to
implementers" on the proposal.


I believe in Orbot today we do promote the user after they scan a code or click on a bridge link. Definitely agree there should be that step.

Another thing that would be useful for this scenario would be forBridgeDB to publish some kind of signed record saying "the bridge withsuch-and-such a fingerprint was known to BridgeDB at such-and-such atime" - similar to what can already be queried via the API, but in aform that could be distributed offline.

If users were able to distribute these records alongside thecorresponding bridge lines then apps might decide to treat BridgeDBbridges differently - for example, showing a warning if the bridgeentered by the user was *not* signed by BridgeDB. This would provide auseful second layer of trust when finding bridges from sources likeTelegram bots, where the provenance isn't always clear.

However, including these signatures in a bridge URI might make the URIquite long, which in turn might cause issues with scanning QR codes. Sothere might be tradeoffs here.


Cheers,
Michael

Attachment: OpenPGP_0x11044FD19FC527CC.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] bridge:// URI and QR codes
  - From: meskio
- Re: [tor-dev] bridge:// URI and QR codes
  - From: trinity pointard

Prev by Author: Re: [tor-dev] bridge:// URI and QR codes
Next by Author: Re: [tor-dev] Counting HS descriptor uploads
Next by thread: Re: [tor-dev] bridge:// URI and QR codes
Index(es):
- Author
- Thread