[tor-dev] Email Bridge Distributor Interactive Commands

Matthew Finkel matthew.finkel at gmail.com
Sat Jul 26 08:36:45 UTC 2014


On Sun, Jul 20, 2014 at 06:07:03PM -0400, Philipp Winter wrote:
> On Sun, Jul 20, 2014 at 06:52:44PM +0000, Matthew Finkel wrote:
> > So, the questions I am posing to those in the community who have an
> > opinion about this: What do you think? What problems do you currently
> > have with this?  How can this be improved?
> 
> Non-technical users might be confused by the parameters.  Perhaps we
> could drop the "transport" parameter and have the following flat
> hierarchy?
>   get vanilla
>   get ipv6
>   get obfs3
>   get fte
>   get scramblesuit
>   etc
> 

So you think we should accept (roughly) the regex "^.*(\w*)$" and
return bridges based on the last token? I think we can do something
like this. I do think, based on other responses, that we have some
other open questions, though. Listing multiple tokens on a single line will
become more difficult, but we can figure something out.

> An even simpler option would be to also drop "get" and simply look for
> the keywords "vanilla", "obfs3", ... in the email subject and body.
> 
> Also, if the user fails to form a valid email, I think we should still
> reply with a set of bridges.

This is a tricky problem:

  "I'm TorBrowser, I know about N bridges, but I don't know which ones
   I should use, so I will pick a few and try them."

  "I'm <adversary>. Wow, look at this traffic coming from
   <ip address>! That looks odd, I see this traffic that looks like
   Tor, BLOCK! And another flow that looks like obfs2, BLOCK! and
   another that looks like...huh, I don't recognize it. Let's play
   it safe. BLOCK!"

Alternatively the adversary could simply detect recognizable tor-flows
and then track all subsequent traffic and see what it does and how
it behaves, thus building a profile of it.

We need to be very careful about blindly giving out different
transports together. We can default to a few obfs3 bridges, though,
instead of obfs3, scramblesuit, and fteproxy.

The above example is obviously contrived, and may not be used (often), but
it is a risk, and I'm mostly against playing that game unless we are
significantly harming people's abilities to access the internet.

Thanks for the feedback Philipp, very much appreciated!
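
One way to implement the last-token parsing discussed above, returning a single transport and falling back to obfs3 for malformed requests (an added example, not part of the original message and not BridgeDB's code). The function names, input limits and first-match policy are assumptions; the first helper also shows that the regex as quoted captures an empty string, because the greedy `.*` consumes the whole line.

```python
import re

# Keywords are the ones listed in the thread; the default follows the reply's
# suggestion of falling back to obfs3. The limits below are assumptions.
KNOWN_TRANSPORTS = {"vanilla", "ipv6", "obfs3", "fte", "scramblesuit"}
DEFAULT_TRANSPORT = "obfs3"
MAX_LINES = 20       # the email is untrusted input: bound the work per request
MAX_LINE_LEN = 200

QUOTED_REGEX = re.compile(r"^.*(\w*)$")  # the regex as written in the thread


def quoted_regex_capture(line):
    """Group 1 of the quoted regex: greedy .* takes the line, leaving ''."""
    m = QUOTED_REGEX.match(line)
    return m.group(1) if m else None


def last_token(line):
    """Last run of word characters on the line, lowercased, or None."""
    tokens = re.findall(r"\w+", line[:MAX_LINE_LEN])
    return tokens[-1].lower() if tokens else None


def select_transport(subject, body):
    """Pick exactly one transport type for the reply (hypothetical helper).

    The first line whose last token is a known keyword wins, so a reply
    never mixes transports; anything unparseable gets the default.
    """
    lines = [subject] + body.splitlines()
    for line in lines[:MAX_LINES]:
        if last_token(line) in KNOWN_TRANSPORTS:
            return last_token(line)
    return DEFAULT_TRANSPORT


if __name__ == "__main__":
    # Constructed sample requests: (subject, body)
    samples = [
        ("", "get transport obfs3"),
        ("get fte", "get obfs3"),
        ("hello", "please send me bridges"),
        ("", "GET IPv6 !!"),
    ]
    for subject, body in samples:
        print(repr(subject), repr(body), "->", select_transport(subject, body))
```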

