[metrics-bugs] #23958 [Metrics/Onionoo]: Onionoo not fetching the bridge descriptor correctly?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 24 00:56:13 UTC 2017
#23958: Onionoo not fetching the bridge descriptor correctly?
-----------------------------+------------------------------
Reporter: dgoulet | Owner: metrics-team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Metrics/Onionoo | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------+------------------------------
Comment (by dcf):
I'm pretty sure that this is the case for all the Tor Browser default
bridges, and it's because we ask the bridge operators to block their
ORPort from outside access. This is to prevent reachability tests from
succeeding, and so keep the default bridges out of BridgeDB.
For the default bridges, having them in BridgeDB does nothing but make
them more discoverable to a censor: in addition to being scraped from the
source code, they can also be harvested through BridgeDB, or be detected
on the wire when some user connects to them using vanilla Tor (easily
fingerprintable) instead of obfs4.
Blocking the ORPort is a workaround we have been applying for the default
bridges for a long time, until #18329 is fixed. Also #7349 is related:
most bridges can't hide their ORPort because they will be kept out of
BridgeDB and be useless, but default bridges don't need BridgeDB so they
can enhance their security by hiding their ORPort.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23958#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the metrics-bugs
mailing list