[tor-bugs] #25098 [Webpages/Website]: download warnings tell you to use a bridge so a local adversary can't learn you're a tor user

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 31 13:09:49 UTC 2018 

#25098: download warnings tell you to use a bridge so a local adversary can't learn
you're a tor user
----------------------------------+--------------------
     Reporter:  arma              |      Owner:  (none)
         Type:  defect            |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Webpages/Website  |    Version:
     Severity:  Normal            |   Keywords:
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+--------------------
 The last warning in the warnings list says

 """
 Use bridges and/or find company

 Tor tries to prevent attackers from learning what destination websites you
 connect to. However, by default, it does not prevent somebody watching
 your Internet traffic from learning that you're using Tor. If this matters
 to you, you can reduce this risk by configuring Tor to use a Tor bridge
 relay rather than connecting directly to the public Tor network.
 Ultimately the best protection is a social approach: the more Tor users
 there are near you and the more diverse their interests, the less
 dangerous it will be that you are one of them. Convince other people to
 use Tor, too!
 """

 But simply using a bridge probably doesn't help much. Maybe if there were
 special pluggable transports that helped especially well. It really
 depends what *your* adversary is doing to discern Tor users. Are they
 using a list of destination IP addresses? Probably not. Are they using
 DPI? Maybe, if they bought some DPI box and configured it to do that.

 Using a VPN can help, sometimes, but it also just shifts the problem to
 some other place that gets to track you.

 I wonder how best to capture all of these nuances in a sentence or two for
 the warnings list.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25098>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list