[tor-bugs] #8705 [BridgeDB]: bridges.torproject.org Pluggable Transport configuration warnings
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 21 15:05:22 UTC 2013
#8705: bridges.torproject.org Pluggable Transport configuration warnings
-------------------------+--------------------------------------------------
Reporter: oscardelta | Owner: isis
Type: enhancement | Status: accepted
Priority: minor | Milestone:
Component: BridgeDB | Version:
Keywords: webUI | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Changes (by isis):
* owner: => isis
* keywords: Pluggable Transport, bridges, warnings => webUI
* status: new => accepted
* cc: isis@… (added)
* priority: major => minor
Comment:
Replying to [ticket:8705 oscardelta]:
> Instructions from !https://bridges.torproject.org/ aren't complete so I
tried to write better from the Vidalia help and
!https://blog.torproject.org/blog/different-ways-use-bridge
>
We are planning to deprecate Vidalia, and, given that the volume of
complaints generated about Vidalia's UI, I think it is unwise to model
future UI developments on Vidalia.
I have literally had Syrian activists slap me on the wrist for how
difficult it is for them to configure TBB correctly (for their situation,
for what I was advising them to try) using Vidalia. That said, I
completely agree with you that bridges.tpo needs improvements -- I just
don't think it's a good idea to attempt to improve one broken thing by
modelling it after another broken thing.
> (!https://bridges.torproject.org/)
> "(here I suggest to add the
!https://bridges.torproject.org/?transport=obfs3 link.
> It would be convenient to provide and highlight the active links from
the bottom of the page to here and for all the supported Transports than
to let the users to feel lucky with "Specify transport by !name:" form. I
suggest to rename the "Looking for obfsproxy bridges?" to specific obfs2)
>
Okay. Agreed.
> To receive your bridge relay address, please prove you are human
>
> Here is the address you asked for:
>
> x
>
> Another way to find public bridge addresses is to send mail to
bridges at torproject.org with the line "get bridges" in the body of the
mail. However, so we can make it harder for an attacker to learn lots of
bridge addresses, you must send this request from an email address at one
of the following domains:
>
> gmail.com
> yahoo.com
>
>
> To use the Bridge address, go to Vidalia's Network settings page, check
the "My ISP blocks connections to the Tor network" box and add the
bridges, one at a time, to the list.
>
There definitely should be better instructions, although I personallly
don't like the idea of having a cluttered page full of warnings that must
be updated constantly as situations change. Also, changing anything to say
"use Vidalia" now is not such a good idea; these things will need to be
changed yet again very soon, when https://gitweb.torproject.org/tor-
launcher.git is ready to be deployed.
>
>
> WARNINGS!
>
> Configuring more than one bridge address will make your Tor connection
more capable of circumvention, in case the Bridge became unreachable, but
also more recognizable, in case some bridge you are using became
recognized as Tor-specific relay.
> Tor Project bundles, by default, handshaking through the Internet with
all bridges listed in Vidalia's network settings. IT IS SUGGESTED to
replace all the default bridges from the list to minimize the probability
of recognition as Tor user BEFORE YOU START to use the Pluggable Transport
bundles
I ''believe'' this is not the case, I have not seen nor heard of any
censors detecting Tor by the number of simultaneous connection
initiations. Please correct me if I am wrong! :)
> 1. Go off-line
> 2. Launch Vidalia (start browser bundle)
> 3. Stop Tor
> 4. Configure the Bridges list
> 5. Restart the Vidalia and Tor (restart browser bundle)
> or
> 1. Redact the "torrc" before the first launch.
>
Honestly...these instructions do not make much sense to me. I doubt they
would make much sense to a person trying to figure out configuring using a
Bridge to connect to the Tor network for the first time.
>
> If you are using the Pluggable Transport Bundle for obfuscation rather
than for circumvention, so you got trusted Bridge, you should disable
Flash proxy bridges from connecting to your browser by deleting the
websocket bridge from the Bridges list. Read about default Flash proxy
configuration here
!https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
>
Hmm, perhaps starting with adding a FlashProxy page, like we have for IPv6
and obfs2 would be better? No need to confuse people with extra
information that is irrelevant to them.
> Even if your connection to the Tor have already leaked you could still
help the new users to obtain their first Bridge address without them
contacting the Tor directly.
>
I'm not sure that I understand what you're saying here...please explain
more?
> FAQ
>
> What is Tor bridge?
>
> "Bridge relays (or "bridges"
!https://www.torproject.org/docs/bridges.html.en for short) are the common
name for the cutting edge Tor entrance relays(entry nodes?) being
developed and running on the diverse Pluggable Transports servers
configuration.
> You could imagine your Pluggable Transport of choice is coursing between
your client and the Tor network first by the specialized (possibly hidden
or even private) Bridges, then routed by classic Tor to the Internet, and
back again.
>
> After you choose and configure the connection method(s) with Pluggable
Transports !https://www.torproject.org/docs/pluggable-transports.html.en
in your Tor client you should point it to the compatible "bridge". An
instance created from any of the current !https://cloud.torproject.org/
images will automatically be a normal bridge, an obfs2 bridge, and an
obfs3 bridge. (What do you suggest to use and why?)
>
> Are bridges significantly more secure than TBB direct relays? Should I
move to the PTB?
>
> Pluggable Transports have their specific advantages and disadvantages.
>
> The differences to the "direct relays"(basic Tor entry nodes?) are
> 1. Users can customize own connection priorities using Pluggable
Transports.
> 2. Relay authority can choose to publish bridge address to the Bridge
Authority (a special Tor Project relay collecting all bridge addresses
that it receives and providing it to users with interfaces like this
page), or to distribute it in any other ways.
> 3. !https://metrics.torproject.org/users.html#bridge-users to
!https://metrics.torproject.org/users.html#direct-users
>
> So Pluggable Transports could provide a significantly stronger
circumvention and obfuscation abilities but could add to the connection
latency so the TBB could be faster for a while"
>
Hmm...most of that also did not make sense to me. Also, none of it is
pertinent to what the user is trying to do when they get two bridges from
bridges.tpo.
> Please edit, move, just don't throw away all this as I have invested
time in this to help the project as much as I can.
Thanks for writing all this. In general, any UI improvements for Tor
Project things are most welcome, as we're not exactly known for having
amazing UI.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8705#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list