On Fri, Jul 25, 2014 at 07:32:42AM +0000, isis wrote:
Lunar transcribed 2.1K bytes:
isis:
PS: why are we still shipping obfs2 bridges?!
tl;dr: Because we have them.
The protocol is known to be broken and fingerprintable. That's something we know. Not users. If BridgeDB is giving them out, then it must be that it's ok to use, right?
It still works to get past many corporate/university firewalls, from what I understand. And the UI clearly says that "obfs3" is recommended. It even defaults to giving "obfs3" if you ask for transports. You'd have to specifically request "obfs2" to get them.
I agree, and I think it's safe to assume that some nation-state adversaries do not have these capabilities yet. Users should choose obfs3 over obfs2, but if a user has a reason for requesting obfs2 then I don't think we should deny them.
obfs2 is dangerous when used to circumvent the strongest adversaries in the world. Luckily we have a very diverse userbase and not all users have the same requirements :) (I honestly do say this in the most loving way possible)
We can't just make Tor Browser stop accepting obfs2 because some people are using obfs2 bridges right now. But we shouldn't add more people to the set of users of a broken protocol.
Obfs3 is also "broken", it's just that we haven't yet seen a DPI box do it IRL. If you want me to only hand out the holy grail, I'm never going to hand anything out.
It's probably safer to say that obfs3 is a weaker protocol than we think may adequately protect users against some powerful adversaries. (Yes, I'm splitting hairs/bikeshedding, please don't throw your laptop! but I think we, as a community, have not seen evidence to support this yet (as far as I know) and saying it is broken is unnecessarily scary right now). This could change at any time, though, so we should make sure we're ready to flip the default to the next transport when that time comes (and I do think we are). <3