[tor-dev] Idea regarding active probing and follow-up of SSL connections to TOR bridges

Tom Ritter tom at ritter.vg
Sat Jul 27 14:36:42 UTC 2013


On 27 July 2013 10:17, Lag Inimaineb <laginimaineb at gmail.com> wrote:
> As for suggestions such as SWEET, FreeWave, etc. - those would require
> changes to the TOR clients (right?), which makes them probably less easy to
> use, unless they are merged into the TOR mainline. Same goes for
> ScambleSuit, since the shared secret much somehow be delivered out-of-band,
> which is not always an easy feat to accomplish.

Those are not the biggest hurdles.  Distributing a secret along with
bridge IPs is not too difficult, BridgeDB has this capability built
in.  Likewise, changes to TBB are relatively easy compared to the
difficulty of having a major social media site install software that
splits Tor bridge traffic off from their legit HTTP traffic.  That
would require them being extremely, _extremely_ confident in the
scalability, performance, and security of said code.

That said - I've had this same idea myself.  I tend to categorize
censorship into 4 buckets:
1) Source-Based. You are not allowed online.
2) Destination-Based - you can't talk to this host, this IP, this port
3) Byte-Matching - You can't search for this term, you can't speak this protocol
4) Pattern-Based - You can't talk SSL in a manner where you're
uploading the same amount as you're downloading, or you can't use SSH
in a way that looks like you're transferring files.

We've seen large deployments of Destination-Based and Byte-Matching
(and augmented w/ follow-up scans to have a higher confidence).

Github was blocked in China briefly, and allegedly the Chinese people
protested and the ban was lifted.[0]  This implies, to me, that
certain sites are too politically important to be blocked.  If we
enlisted their help in this model we would have essentially
unblockable bridges.  It's a win-win: Either the gov't doesn't block
the site, and people can use the bridges OR The gov't does block the
site, piss people off, and hopefully begins the crumble.  It's
probably not a popular opinion, but the more the government makes a
people suffer... the more likely they are to overthrow it.  (And not
having github is a lot better suffering than being thrown in the
gulag.)

-tom

[0] http://www.h-online.com/open/news/item/GitHub-blocked-in-China-Update-1789114.html


More information about the tor-dev mailing list