[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] anonymity: bridge users vs. entry guard users



On Fri, May 25, 2012 at 06:07:35PM +0200, proper@xxxxxxxxxxxxxxx wrote:
> If I understand correctly, a bridge will be used as the first of three hops.

Yes. See also Item #2 on
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges
including proposal 188:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/188-bridge-guards.txt

> While users in non-censored areas can will use a certain amount of entry guards, users in censored areas get only three bridges per mail.
> 
> The entry guard users are more unlikely to suffer from unstable (goes
>offline) entry guards and blocking is also no issue. I read, that 80%
>of all bridges are blocked.

Bridges are basically not blocked at all outside of China. In China,
Tor is currently blocked by protocol. See Philipp Winter's "How China
Is Blocking Tor", as well as
https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors

(Pluggable transports like obfsproxy continue to work fine in China.)

> Therefore I think it's safe to assume that
>2 of 3 bridges, bridgedb gives out to users, are already blocked. And
>over time probable also that bridge will get blocked and the user has
>to request new bridges.
> 
> That means, that bridge users rotate their first hops more often than
>entry guard users. Is that true?

Depends how much they care to use Tor. Rotation in the bridge case is
manual, and rotation in the entry guard case is automated.

> If that is true, that also means, that bridge users are sufficiently
>more vulnerable to attacks, which are circumvented by entry guards?

They're probably more vulnerable, but I don't know if I'd say
"sufficiently". There are a lot of attacks to balance. I would worry
just as much about "most bridge users don't know the identity fingerprint
of their bridge":
https://trac.torproject.org/projects/tor/ticket/2764
https://trac.torproject.org/projects/tor/ticket/4624
https://blog.torproject.org/blog/different-ways-use-bridge
and I'd probably worry even more about "there are different requirements
to get the Guard flag than there are to sign up as a bridge":
https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters
http://cacr.uwaterloo.ca/techreports/2012/cacr2012-11.pdf

Seems to me that the current bridge approach is unmanageable, because we
need more varied bridge addresses, better transports, better distribution
strategies, etc:
https://blog.torproject.org/blog/bridge-distribution-strategies
https://blog.torproject.org/blog/strategies-getting-more-bridge-addresses
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges
https://blog.torproject.org/blog/research-problem-five-ways-test-bridge-reachability
https://blog.torproject.org/blog/obfsproxy-next-step-censorship-arms-race

Stay tuned to http://freehaven.net/anonbib/ for more.

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk