[tor-bugs] #8705 [BridgeDB]: bridges.torproject.org Pluggable Transport configuration warnings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 15 22:39:30 UTC 2013
#8705: bridges.torproject.org Pluggable Transport configuration warnings
----------------------------------------------------+-----------------------
Reporter: oscardelta | Owner:
Type: enhancement | Status: new
Priority: major | Milestone:
Component: BridgeDB | Version:
Keywords: Pluggable Transport, bridges, warnings | Parent:
Points: | Actualpoints:
----------------------------------------------------+-----------------------
Instructions from !https://bridges.torproject.org/ aren't complete so I
tried to write better from the Vidalia help and
!https://blog.torproject.org/blog/different-ways-use-bridge
(!https://bridges.torproject.org/)
"(here I suggest to add the
!https://bridges.torproject.org/?transport=obfs3 link.
It would be convenient to provide and highlight the active links from the
bottom of the page to here and for all the supported Transports than to
let the users to feel lucky with "Specify transport by !name:" form. I
suggest to rename the "Looking for obfsproxy bridges?" to specific obfs2)
To receive your bridge relay address, please prove you are human
Here is the address you asked for:
x
Another way to find public bridge addresses is to send mail to
bridges at torproject.org with the line "get bridges" in the body of the
mail. However, so we can make it harder for an attacker to learn lots of
bridge addresses, you must send this request from an email address at one
of the following domains:
gmail.com
yahoo.com
To use the Bridge address, go to Vidalia's Network settings page, check
the "My ISP blocks connections to the Tor network" box and add the
bridges, one at a time, to the list.
WARNINGS!
Configuring more than one bridge address will make your Tor connection
more capable of circumvention, in case the Bridge became unreachable, but
also more recognizable, in case some bridge you are using became
recognized as Tor-specific relay.
Tor Project bundles, by default, handshaking through the Internet with all
bridges listed in Vidalia's network settings. IT IS SUGGESTED to replace
all the default bridges from the list to minimize the probability of
recognition as Tor user BEFORE YOU START to use the Pluggable Transport
bundles
1. Go off-line
2. Launch Vidalia (start browser bundle)
3. Stop Tor
4. Configure the Bridges list
5. Restart the Vidalia and Tor (restart browser bundle)
or
1. Redact the "torrc" before the first launch.
If you are using the Pluggable Transport Bundle for obfuscation rather
than for circumvention, so you got trusted Bridge, you should disable
Flash proxy bridges from connecting to your browser by deleting the
websocket bridge from the Bridges list. Read about default Flash proxy
configuration here
!https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
Even if your connection to the Tor have already leaked you could still
help the new users to obtain their first Bridge address without them
contacting the Tor directly.
FAQ
What is Tor bridge?
"Bridge relays (or "bridges"
!https://www.torproject.org/docs/bridges.html.en for short) are the common
name for the cutting edge Tor entrance relays(entry nodes?) being
developed and running on the diverse Pluggable Transports servers
configuration.
You could imagine your Pluggable Transport of choice is coursing between
your client and the Tor network first by the specialized (possibly hidden
or even private) Bridges, then routed by classic Tor to the Internet, and
back again.
After you choose and configure the connection method(s) with Pluggable
Transports !https://www.torproject.org/docs/pluggable-transports.html.en
in your Tor client you should point it to the compatible "bridge". An
instance created from any of the current !https://cloud.torproject.org/
images will automatically be a normal bridge, an obfs2 bridge, and an
obfs3 bridge. (What do you suggest to use and why?)
Are bridges significantly more secure than TBB direct relays? Should I
move to the PTB?
Pluggable Transports have their specific advantages and disadvantages.
The differences to the "direct relays"(basic Tor entry nodes?) are
1. Users can customize own connection priorities using Pluggable
Transports.
2. Relay authority can choose to publish bridge address to the Bridge
Authority (a special Tor Project relay collecting all bridge addresses
that it receives and providing it to users with interfaces like this
page), or to distribute it in any other ways.
3. !https://metrics.torproject.org/users.html#bridge-users to
!https://metrics.torproject.org/users.html#direct-users
So Pluggable Transports could provide a significantly stronger
circumvention and obfuscation abilities but could add to the connection
latency so the TBB could be faster for a while"
Please edit, move, just don't throw away all this as I have invested time
in this to help the project as much as I can.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8705>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list