[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.

To: Fran via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
From: Fran via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2022 12:51:25 +0200
Cc: Fran <fatal@xxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Aug 2022 08:46:21 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1661338287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+Vk0hftzedqbc9arsgvtzQ83OV/4hfSZif6kMNDuvN8=; b=qVQcxQjEf3fv3l0kZw1vS7NK97w4q0GxldYRcRGJ+0yNI2TaqCM2biydmTJ3eUcIOpLY/4 sUlqySUSMx72+U9aOuW7l+hE0nx7SzYV+NXUeF2Pqrv8TdeUHUiPQn4m1gFelUwYNhScTh zvRt7MxIapb9J61IWKC2DZmnI/8kvqBhkCgOH3HWhPLzr9WRrA6i+ujHGantHSJipfrcTr ImVmo93KsedgvA1BShL1UXqmpLYTCUiW1TG20W17ZYmwLtKCw9AP0iEK62+CobJQkvBKGB /VPHM1DNbmlzou0+AvsDnq5wuX9Y1ANQ2QTsMtWC/1DZ7QInI+E6bdMgGKZv2A==
In-reply-to: <C84528C1-1334-4F64-B41F-AB530A186233@coolcomputers.info>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <trinity-cc580fc6-9bd9-452f-a36b-8638f372aeec-1661272748670@3c-app-webde-bs19> <C84528C1-1334-4F64-B41F-AB530A186233@coolcomputers.info>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Philipp Winter regarding iat mode:

>The feature introduces a substantial performance penalty for a dubious
>and poorly understood privacy gain.  If I were to write an algorithm to
>detect obfs4, I wouldn't bother dealing with its flow properties; there
>are easier ways to identify the protocol.  In hindsight, it was >probably
>a mistake to expose the iat option to users and bridge operators.
>
>Cheers,
>Philipp

https://lists.torproject.org/pipermail/tor-relays/2021-February/019370.html

On 8/24/22 09:50, John Csuti via tor-relays wrote:

I can dedicate 2 more IP’s from my network to this. You just want it tobe obfs4 and iat-mode set to 2?
Thanks,
John C.
On Aug 24, 2022, at 2:35 AM, elise.toradin@xxxxxx wrote:
As in the title, it took me over an hour to find one - for my securityrequirements, the timing and sometimes, packet size obfuscation, isvery important.Now this might sound a bit like sarcasm, but I also think that weshould harden the https://bridges.torproject.org page, just a captchaand not delivering new bridges to the same IP is a bit weak, in myopinion.Perhaps extend that block to an entire /16 range, or require somecomputational power to be used up (could be easily implemented inJavaScript) first.The last suggestion would also eliminate bots that scrape bridgeaddresses using plaintext clients entirely, at least until someonebuilds a chromium / (insert arbitrary browser engine here) bot.I know this is a cat and mouse game, but the bridge page should be assecure as possible.For example: I wouldn't mind waiting 5-15 minutes to get a list of 3bridges (optionally, with a button that says, iat-mode non-zero only,but we need to harden more before implementing something like that),some government agencies might be thrown off by this, along with thefact that they also only have limited IP ranges.
Thoughts?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
  - From: elise . toradin
- Re: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
  - From: John Csuti via tor-relays

Prev by Author: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
Next by Author: Re: [tor-relays] recommended way to run 0.4.7 on armhf?
Previous by thread: Re: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
Next by thread: Re: [tor-relays] We need much more bridges with obfs4 and iat-mode set to 1 or 2..barely can't find any.
Index(es):
- Author
- Thread