[tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 7 01:12:36 UTC 2020 

#33815: vanguards with meek - do or don't?
--------------------------+----------------------------------
 Reporter:  cypherpunks   |          Owner:  (none)
     Type:  task          |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  vanguards     |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by mikeperry):

 Q1-Q2) I need to look into this more, but meek-azure is not an obviously
 bad choice, if it still works. I am pretty sure it does not have cover
 traffic protections like obs4, and the azure cloud provider gains at least
 all capabilities of the local adversary, and may also gain some network
 adversary capabilities too. I also would have to double-check the specific
 meek-azure implementation to make sure you still get a properly
 authenticated connection to a guard node, or if there is another private
 bridge on the back-end (and if so, if that bridge is authenticated with a
 fingerprint).

 Q3) I was speaking about the protocol, not who ran the bridges (or who has
 access to Azure cloud or can compel them).

 Q4). For high volume onion services, adding additional local client
 traffic is unlikely to help much. I am also reluctant to make this
 recommendation in the general case, and that README is not the right place
 to go deep into the many different traffic analysis rabbit holes, because
 they are not strongly solved. The only reason that README goes as far as
 it does is because such a treatment is necessary to understand the effect
 and interaction of many options, protocols, other addons, and other
 components already provided by the Tor Project.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33815#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list