[tor-bugs] #4392 [Tor Bridge]: UpdateBridgesFromAuthority is problematic
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Nov 5 02:12:16 UTC 2011
#4392: UpdateBridgesFromAuthority is problematic
------------------------+---------------------------------------------------
Reporter: Sebastian | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Bridge | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
When UpdateBridgesFromAuthority is set to 1, Tor makes a direct connection
to Tonga to fetch the bridge descriptor referenced in the configuration,
as long as it includes the fingerprint. This happens before even trying
the bridge directly, so we definitely leak to censors that a) we're a tor
client, trying to use bridges; and b) that we'll soon connect to a real
bridge IP:port. Back when Tonga wasn't blocked, this seemed fine, but now
that we have adversaries that actually pick up on the Tor handshake or
network behavior and send active probes, this seems like a poor idea.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4392>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list