[tor-project] Many bridges (22%) have nickname "ki"

Yawning Angel yawning at schwanenlied.me
Tue Dec 13 21:48:10 UTC 2016


On Tue, 13 Dec 2016 16:26:02 -0500
David Goulet <dgoulet at ev0ke.net> wrote:

> On 13 Dec (21:11:17), Yawning Angel wrote:
> > On Tue, 13 Dec 2016 10:37:31 -0800
> > David Fifield <david at bamsoftware.com> wrote:
> >   
> > > This is a bit of a followup to my earlier post on obfs4 bridges
> > > with formulaic nicknames:
> > > https://lists.torproject.org/pipermail/tor-project/2016-November/000809.html
> > > 
> > > 
> > > Those bridges are still there, but today I noticed a new
> > > weirdness: 756 bridges all having the nickname "ki". 756 is 21.8%
> > > of the total number, 3464. At the moment, "ki" far outnumbers
> > > every other nickname, apart from "Unnamed":  
> > [snip]
> > 
> > Should both groups be dropped at the BridgeAuth or what?  As far as
> > I am aware, there is nothing that is doing Sybil detection at the
> > Bridge level, and I don't really think that's an arms race that's
> > winnable (even at the standard relay level, it feels like an uphill
> > battle).
> > 
> > If I were to hypothesize, it's probably someone's botnet/malware or
> > something (in both cases), but that's just a guess and it could be
> > something either more nefarious, or more benign.  
> 
> Yes, we should be safe here and reject those.

Looking forward...

What are we going to do/can we do when the person wises up and changes
the bridge naming scheme?

IMO we *should* run as much of the sybil detection stuff that we can on
bridges, but this relies on code that someone has to write, and
infrastructure that someone has to set up, so my opinion probably
doesn't count for much since I do not have the time to do either.
Should our Bridge anomaly detector have access to unsanitized bridge
descriptors?  Does it need to?

Regards,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20161213/55e92501/attachment.sig>


More information about the tor-project mailing list