[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Email Bridge Distributor Interactive Commands

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Email Bridge Distributor Interactive Commands
From: Matthew Finkel <matthew.finkel@xxxxxxxxx>
Date: Sat, 26 Jul 2014 08:36:45 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 26 Jul 2014 04:37:02 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:date:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=ikRY+edK0HOlR/Q1/EH8kRAATGLARGVcxfP9Cm3YcEc=; b=qzpCkeBK54teryuEY9QXD6C9A3P/Y8dZQuRaZaFqNd6OTCLoAEf9Ug4GxyiIcg1yaa I7MokbQAsL1QUGdEzBGaJ2HL4g4YSEZWjh6wcjOy3//By/5KACvDE4aVzDtSKmsoSf5d 7iI5Au2OYgDSyxHd6oRcvEsdFFTFqLWFMd4T7MrpqAC8r1rC1AG3CTiP7j2pp7+5uXPU otGLKllKTP+rp0MOxdNogs7b14OsZJ+/jahY/pYxqNSDMMGk6TJsIx8t1TVzMeiQNLG/ qPsxWecRtm51FyDQhQO0Kpc6RakSzZKlazNc+Fn3j24IET5F1E5ztAlfZwXSr8QMU5/i oXeQ==
In-reply-to: <20140720220703.GB4318@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20140720185242.GB20146@localhost> <20140720220703.GB4318@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-06-14)

On Sun, Jul 20, 2014 at 06:07:03PM -0400, Philipp Winter wrote:
> On Sun, Jul 20, 2014 at 06:52:44PM +0000, Matthew Finkel wrote:
> > So, the questions I am posing to those in the community who has an
> > opinion about this: What do you think? What problems do you currently
> > have with this?  How can this be improved?
> 
> Non-technical users might be confused by the parameters.  Perhaps we
> could drop the "transport" parameter and have the following flat
> hierarchy?
>   get vanilla
>   get ipv6
>   get obfs3
>   get fte
>   get scramblesuit
>   etc
> 

So you think we should accept (roughly) the regex "^.*(\w*)$" and
return bridges based on the last token? I think we can do something
like this. I do think, based on other responses, that we have some
other open questions, though. Listing multiple token on a single will
become more difficult, but we can figure something out.

> An even simpler option would be to also drop "get" and simply look for
> the keywords "vanilla", "obfs3", ... in the email subject and body.
> 
> Also, if the user fails to form a valid email, I think we should still
> reply with a set of bridges.

This is a tricky problem:

  "I'm TorBrowser, I know about N bridges, but I don't know which ones
   I should use, so I will pick a few and try them."

  "I'm <adversary>. Wow, look at this traffic coming from
   <ip address>! That looks odd, I see this traffic that looks like
   Tor, BLOCK! And another flow that looks like obfs2, BLOCK! and
   another that looks like...huh, I don't recognize it. Let's play
   it safe. BLOCK!"

Alternatively the adversary could simply detect recognizable tor-flows
and then track all subsequent traffic and see what it does and how
it behaves, thus building a profile of it.

We need to be very careful about blindly giving out different
transports together. We can default to a few obfs3 bridges, though,
instead of obfs3, scramblesuit, and fteproxy.

The above example is obvious contrived, and my not be used (often), but
it is a risk, and I'm mostly against playing that game unless we are
significantly harming peoples' abilities to access the internet.

Thanks for the feedback Philipp, very much appreciated!
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Email Bridge Distributor Interactive Commands
  - From: Matthew Finkel
- Re: [tor-dev] Email Bridge Distributor Interactive Commands
  - From: Philipp Winter

Prev by Author: Re: [tor-dev] Email Bridge Distributor Interactive Commands
Next by Author: Re: [tor-dev] Email Bridge Distributor Interactive Commands
Previous by thread: Re: [tor-dev] Email Bridge Distributor Interactive Commands
Next by thread: Re: [tor-dev] Email Bridge Distributor Interactive Commands
Index(es):
- Author
- Thread