Hi there,
I don't want to declare it a showstopper outright, but:
On 8. Feb 2018, at 09:42, Karsten Loesing <karsten@torproject.org> wrote:
> These sound like variants of the first disadvantage listed above. There are two additional assumptions in here, though:
> - bridge operators use the same or a similar email address as their bridge contact information and for mailing list/forum postings or in their whois information;
> - bridge operators are running their bridges close to the host they're using to post to mailing lists/forums or close to the host where they're hosting a registered domain.
Neither is required. The only assumptions are that it is possible to enumerate whois information for the entire v4 internet (which should be the case) and that it is possible to link the email address provided in the contact line with the name that's used in whois (which might or might not be easy, in my case it'd actually be trivial because the name is a part of my email address).
> I can see situations where both assumptions are met. But I think, overall, that the likelihood of locating a bridge by connecting contact information to mailing list archives, forum postings, or whois information makes this attack rather unattractive.
> I'd say let's list this as another possible disadvantage, and let's compare them all to the possible advantages at the end.
> Unless you thought of this as a show-stopper, in which case I'd kindly ask you to elaborate.
> Thanks for the feedback, Geoff and Sebastian!
Just to summarize how the attack would work: you link the email to anything containing a real name, then you crawl whois for IPs assigned to people with that name; unless they use some anonymizing technique, you get a (small) list of candidate IP addresses to test.
Cheers,
Sebastian
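The correlation step sketched in this message, worked through in code. This is an added example, not code from the tor-dev thread or from the Tor project: it takes a bridge contact line, derives name tokens from the local part of the email address (the assumption the message calls trivial in its own case), and matches them against the person/descr/netname fields of a whois dump. The whois records, names, addresses and the simplified RIPE-style key: value layout are all constructed for the example; a real run would work over a bulk whois dump rather than an inline string.

```python
"""Added example (not from the tor-dev thread): the whois-correlation
attack described above, run against constructed data.

Steps, as the message lays them out:
  1. take the contact line of a bridge (an email address),
  2. derive candidate real-name tokens from it (here: from the local part),
  3. scan a whois dump for netblocks whose registrant/contact fields
     contain all of those tokens,
  4. return the netblocks as candidate bridge addresses to probe.

All records, names and addresses are constructed; the dump uses a
simplified RIPE-style "key: value" layout, one object per blank line.
"""

import ipaddress
import re
import unicodedata

# Constructed whois dump (three inetnum objects). The second one uses a
# company/hostmaster name, which is the "anonymizing technique" case.
WHOIS_DUMP = """\
inetnum:  198.51.100.0 - 198.51.100.15
netname:  DOE-HOME
descr:    Jane Doe, private allocation
person:   Jane Doe
e-mail:   noc@example.net

inetnum:  203.0.113.0 - 203.0.113.255
netname:  EXAMPLE-HOSTING
descr:    Example Hosting Ltd
person:   Hostmaster Example

inetnum:  192.0.2.64 - 192.0.2.95
netname:  JDOE-VPS
person:   Doe, Jane
e-mail:   j.doe@example.org
"""


def normalize(text: str) -> frozenset[str]:
    """Lower-case, strip accents and punctuation, return the name tokens (len > 1)."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return frozenset(t for t in re.split(r"[^a-z]+", text.lower()) if len(t) > 1)


def name_tokens_from_email(contact: str) -> frozenset[str]:
    """Step 2: name tokens from the local part of the contact address.

    Assumes the local part is built from the operator's name, which the
    thread notes is often, but not always, the case."""
    m = re.search(r"([^\s<>@]+)@", contact)
    return normalize(m.group(1)) if m else frozenset()


def parse_whois(dump: str) -> list[dict[str, str]]:
    """Split a key: value whois dump into one dict per blank-line-separated object."""
    objects = []
    for block in re.split(r"\n\s*\n", dump.strip()):
        obj: dict[str, str] = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            obj[key.strip()] = value.strip()
        objects.append(obj)
    return objects


def candidate_networks(contact: str, dump: str) -> list[ipaddress.IPv4Network]:
    """Steps 3-4: netblocks whose person/descr/netname fields contain every name token."""
    wanted = name_tokens_from_email(contact)
    if not wanted:
        return []
    nets: list[ipaddress.IPv4Network] = []
    for obj in parse_whois(dump):
        fields = " ".join(obj.get(k, "") for k in ("person", "descr", "netname"))
        if wanted <= normalize(fields):
            start, _, end = obj["inetnum"].partition("-")
            nets.extend(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(start.strip()),
                ipaddress.IPv4Address(end.strip())))
    return nets


def candidate_address_count(contact: str, dump: str) -> int:
    """Size of the list an attacker would actually have to probe."""
    return sum(n.num_addresses for n in candidate_networks(contact, dump))


if __name__ == "__main__":
    contact = "ContactInfo Jane Doe <jane.doe@example.org>"  # constructed
    for net in candidate_networks(contact, WHOIS_DUMP):
        print(net)
    print(candidate_address_count(contact, WHOIS_DUMP), "addresses to probe")
```

With the constructed dump, the two blocks registered under the operator's name are returned (48 addresses in total) while the one registered to a hosting company is not, which is the distinction the message draws between operators who register under their own name and those who use some anonymizing technique.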