On Sun, Sep 01, 2013 at 10:41:37PM -0700, David Fifield wrote:
I don't know how Tor decides which PT bridges to use. I would guess that it treats them like any other Bridge lines in torrc.
Right. It connects to every one of your bridges, using whatever transport it requires, in order to get the bridge descriptor. Then it chooses randomly among all of them (think of all of your bridges being your guards) when it needs one.
You should see this ticket and blog post: "Config option to declare whether you're using bridges for reachability or for security" https://trac.torproject.org/projects/tor/ticket/4624 https://blog.torproject.org/blog/different-ways-use-bridge
Right.
This first kind of user is likely to have to take some extraordinary steps while using Tor in any case. I don't think we have a plan for how to make a bundle that, in its default configuration, is safe to use for all such users. However we can make a bundle that does reachability with no special configuration, so that's what we're doing.
The new 3.0 series bundles ask you, on startup, whether you are able to connect directly to Tor or whether you have to do your own manual configuration (like adding bridges). The option to launch only one specific safe transport could in principle be added to such a UI.
Right. I think one of the main next tickets to focus on there is https://trac.torproject.org/projects/tor/ticket/5018 which I just noticed has a patch waiting for review (please help!)
If we ship pluggable transports in the main browser bundle, but they're only launched when you add a bridge line that wants them, then we're on our way to letting you use only the transport(s) that you think are safe.
--Roger