[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Publishing bridge contact information

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Publishing bridge contact information
From: Karsten Loesing <karsten@xxxxxxxxxxxxxx>
Date: Thu, 8 Feb 2018 09:42:49 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 Feb 2018 03:43:07 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:references:from:message-id:date:user-agent :mime-version:in-reply-to; bh=mycGuu7TLRXINf/VqvhreqMGlQNfAsfte5t6UoSS/HU=; b=oeVogKBkdLCv6eC6lKDmfIA/Rk3KOlWnV9zrMc1RSqouB0h+Brbsw0I30dDSgOsIWm gVwZN4kHQW/xK+UqJvIsv7KDHlksfMSNmv/edFG2/18o7okI4mOH6AAP9+afb7BIjq1e vO3aNKhIfXMID1Fn3iEIkeT82cEYzRqEd5nkx50oj26yQGFtooSpv3F3rUl1GQZpvWDv av1DT4IE/pQbP4A6M4Vi3c1xV0flUQFedcMRKgJpk1h5VQJVxLIqhbiccFPDUw5Yjy0Z UvfsYgO8a5Stfp0vxTlWCamRsGnNd5jU9cf8khk/mBoSVeKgvcG6nE2SVIKVTUm05QT2 Ac8Q==
In-reply-to: <30052600-1F1E-488F-AD00-CF030C1C97C2@sebastianhahn.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6d75dc2e-e689-3e61-1038-6316f9948f88@torproject.org> <1518026108.2689919.1262975040.40AA6A05@webmail.messagingengine.com> <30052600-1F1E-488F-AD00-CF030C1C97C2@sebastianhahn.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 2018-02-07 19:37, Sebastian Hahn wrote:
> 
>> On 7. Feb 2018, at 18:55, Geoff Down <geoffdown@xxxxxxxxxxxx> wrote:
>>
>>
>>
>> On Wed, Feb 7, 2018, at 4:45 PM, Karsten Loesing wrote:
>>
>>> Possible disadvantages are:
>>> - If somebody runs a relay and a bridge, both with the same contact
>>> information, a censoring adversary might guess that the bridge might run
>>> on a nearby IP address as the relay. However, they could as well assume
>>> that for all relays and block or scan the IP space around all known relays.
>>> - Bridge operators might be surprised to see their contact information
>>> in a public archive. We do have a warning in the tor manual
>>> https://www.torproject.org/docs/tor-manual.html.en#ContactInfo, but
>>> maybe nobody reads the fine manual.
>>
>> An email address may be linked to an IP address in public sources, e.g. mailing list archives, forum postings.
> 
> ... or whois information.

Okay.

These sound like variants of the first disadvantage listed above. There
are two additional assumptions in here, though:

 1) bridge operators use the same or a similar email address as their
bridge contact information and for mailing list/forum postings or in
their whois information;

 2) bridge operators are running their bridges close to the host they're
using to post to mailing lists/forums or close to the host where they're
hosting a registered domain.

I can see situations where both assumptions are met. But I think,
overall, that the likelihood of locating a bridge by connecting contact
information to mailing list archives, forum postings, or whois
information makes this attack rather unattractive.

I'd say let's list this as another possible disadvantage, and let's
compare them all to the possible advantages at the end.

Unless you thought of this as a show-stopper, in which case I'd kindly
ask you to elaborate.

Thanks for the feedback, Geoff and Sebastian!

All the best,
Karsten

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Publishing bridge contact information
  - From: Sebastian Hahn

References:
- [tor-relays] Publishing bridge contact information
  - From: Karsten Loesing
- Re: [tor-relays] Publishing bridge contact information
  - From: Geoff Down
- Re: [tor-relays] Publishing bridge contact information
  - From: Sebastian Hahn

Prev by Author: Re: [tor-relays] Publishing bridge contact information
Next by Author: Re: [tor-relays] Publishing bridge contact information
Previous by thread: Re: [tor-relays] Publishing bridge contact information
Next by thread: Re: [tor-relays] Publishing bridge contact information
Index(es):
- Author
- Thread