Bridge operator iat_mode setting
Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email.
Hi Luiz Am 23.02.2021 um 02:18 schrieb torjoy:
I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it?
There might be other sources, but this is a short and nice one: [ https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md ] § The Best Way To Use Bridges Note the use of the iat-mode=2 parameter. Setting iat-mode=2 (as opposed to iat-mode=0 or 1) causes obfs4 to inject traffic timing changes into your outgoing traffic, which is exactly the direction you want as a service. The bridge itself does not need to have the same setting. You can apply it to the client and/or the bridge. The outbound timing will be handled accordingly. -- Cheers, Felix
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. Kudos to you my friend. - William 2021-02-23 1:18 GMT, torjoy <south_america_bridges@protonmail.com>:
Hi All,
I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it?
Best regards,
Luiz
Sent with [ProtonMail](https://protonmail.com) Secure Email.
On 2/24/2021 12:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions.
Kudos to you my friend.
- William Should I take this as a recommendation to update my bridges to support iat_mode=2.
Cheers.
2021-02-23 1:18 GMT, torjoy <south_america_bridges@protonmail.com>:
Hi All,
I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it?
Best regards,
Luiz
Sent with [ProtonMail](https://protonmail.com) Secure Email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
---------------------------------------------------------------------- This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html
If you run more than three bridges, run an even distribution of bridges with iat_mode set to 0, 1 and 2, if you run only three bridges, one with each setting, if two, then 0 and 2, if only one, run it with 2 due to the lack of bridges supporting it, et cetera. That's how I would handle it.. - William 2021-02-24 23:44 GMT, Eddie <stunnel@attglobal.net>:
On 2/24/2021 12:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions.
Kudos to you my friend.
- William Should I take this as a recommendation to update my bridges to support iat_mode=2.
Cheers.
2021-02-23 1:18 GMT, torjoy <south_america_bridges@protonmail.com>:
Hi All,
I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it?
Best regards,
Luiz
Sent with [ProtonMail](https://protonmail.com) Secure Email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
---------------------------------------------------------------------- This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thanks for all your answers guys! Now i know that i'm doeing good running bridges in different iat modes. Actually I'm running 4 bridges, and two have iat_mode set to 0 and two others set to 1 and 2 respectively. I also have a question about bridges speed. It seems that when I do use of my bridge (that is in same network of my PC) the connection is too slow (~1Mbps using relays in a circuit that clearly (by seeing it in tor metrics) has high bandwidth). I do use it as a guard relay. But, when i disable the settings, using the same circuit or an very similar one I can see that the speed bumps to more than 4 Mbps. Is there any optimizations that I can do in my bridge relay? I have 20 Mbps uplink and 200 Mbps downlink here. Set my speed setting to 10 Mbps maxium in torrc. I can also see that bridge is not overloaded (no high cpu usage and low number of connections around 180 for now). Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Em segunda-feira, 1 de março de 2021 às 10:38, William Kane <ttallink@googlemail.com> escreveu:
If you run more than three bridges, run an even distribution of bridges with iat_mode set to 0, 1 and 2, if you run only three bridges, one with each setting, if two, then 0 and 2, if only one, run it with 2 due to the lack of bridges supporting it, et cetera.
That's how I would handle it..
- William
2021-02-24 23:44 GMT, Eddie stunnel@attglobal.net:
On 2/24/2021 12:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. Kudos to you my friend.
- William Should I take this as a recommendation to update my bridges to support iat_mode=2.
Cheers.
2021-02-23 1:18 GMT, torjoy south_america_bridges@protonmail.com:
Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with ProtonMail Secure Email.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2/24/21 9:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions.
At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge? -- Toralf
"ServerTransportOptions obfs4 iat-mode=2" in torrc On February 25, 2021 11:16:52 AM GMT+03:00, "Toralf Förster" <toralf.foerster@gmx.de> wrote:
On 2/24/21 9:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions.
At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge?
-- Toralf
Hi William, You can do it by setting: ServerTransportOptions obfs4 iat-mode=2 at your bridge's side. Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Em quinta-feira, 25 de fevereiro de 2021 às 05:16, Toralf Förster <toralf.foerster@gmx.de> escreveu:
On 2/24/21 9:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions.
At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge?
---------------------------------------------------------------------------------------------
Toralf
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 25. Feb 2021, at 18:30, Toralf Förster <toralf.foerster@gmx.de> wrote:
On 2/24/21 9:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. SO why is this not the default?
And why did I read about this the first time in a mailing list?
-- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I just added that feature to my bridge today! That line of code should be on the tor site so that bridge runners can automatically add it to their torrc files. Sent from ProtonMail mobile -------- Original Message -------- On Feb 25, 2021, 12:30 PM, Toralf Förster wrote:
On 2/24/21 9:34 PM, William Kane wrote:
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. SO why is this not the default?
-- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Feb 25, 2021 at 06:30:35PM +0100, Toralf Förster wrote:
SO why is this not the default?
The feature introduces a substantial performance penalty for a dubious and poorly understood privacy gain. If I were to write an algorithm to detect obfs4, I wouldn't bother dealing with its flow properties; there are easier ways to identify the protocol. In hindsight, it was probably a mistake to expose the iat option to users and bridge operators. Cheers, Philipp
So should I remove that instruction from torrc? Sent from ProtonMail mobile -------- Original Message -------- On Feb 25, 2021, 4:14 PM, Philipp Winter wrote:
On Thu, Feb 25, 2021 at 06:30:35PM +0100, Toralf Förster wrote:
SO why is this not the default?
The feature introduces a substantial performance penalty for a dubious and poorly understood privacy gain. If I were to write an algorithm to detect obfs4, I wouldn't bother dealing with its flow properties; there are easier ways to identify the protocol. In hindsight, it was probably a mistake to expose the iat option to users and bridge operators.
Cheers, Philipp _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (9)
-
Anonforpeace -
Dmitrii Tcvetkov -
Eddie -
Felix -
niftybunny -
Philipp Winter -
Toralf Förster -
torjoy -
William Kane