[tor-dev] Some naive Ideas for Bridge Distribution

Max Maass 0maass at informatik.uni-hamburg.de
Sat Dec 31 13:52:21 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

first off, I am only a third-semester computer science student from
germany, so most likely, you will already have thought about these
Ideas and discarded them. The reason I am writing them anyway is that
there is still the small chance that it might help, and that I would
like to learn why the other ideas won't work.

So, during 28C3 I heard the TOR-Talk and it was mentioned that you are
looking for ways to distribute Bridges that are harder to ban by the
GFW, and it was mentioned that you are in need of more changing IPs.
It was also mentioned that the GFW is following up every SSL
connection and is trying to "speak TOR" on them to identify Bridges.

So, some ideas:
- - You mentioned that these follow-up connections are of an old version
of TOR. That version doesn't have any blatant security holes, does it? ;-)

- - I think you are already doing IP forwarding for bridges to gain some
more IPs. Why not give us a small tool we can run on our PC / Server
that is doing this forwarding. I think you can get many people to run
this tool, and maybe you can even build a flash version of it, like
the flash TOR Node you (or someone else, I don't remember) did a few
weeks ago.

- - You could also use HTTP Requests for these forwarders, to confuse
the GFW a bit if it tries to follow them up.

- - And, if you want to annoy them even more, you can maybe make the
first response the default "I don't know what you are talking about"
HTTP Response, so the GFW get's a lot of false positives if they
follow up every SSL connection (Because the other Servers they are
contacting will most likely will throw this Response if someone tries
to contact them with the TOR-Version of HTTP Requests).

- - Make it easier to host a bridge. I tried it a while ago and it did
not work for me, for some reason (I don't remember anymore what the
reason was, but I always got some weird error message, and the
internet could not help me with it. I might try again now, though).
For example: Work with the guys from DD-WRT or OpenWRT to add a
TOR-Module to the Router firmware. If it only takes one checkmark to
create a TOR Node / Bridge, more people will be likely to do it, and
most routers are online 24/7, as opposed to maybe 10 hours a day or
less if you use a regular PC.

- - In addition to that: A ARM-Version of TOR that runs on Network
Attached storages (For example: Synology gives the users the ability
to SSH into their Box and install a packet manager). I have seen that
you are already developing a ARM-Version, but I have also read that it
does not work properly on Synology Hardware. I would be willing to
test any ARM-Release for you on my DS211j.

So, I hope that I have not wasted your time completely, and I am
looking forward to being told why these things won't work (Or that you
are already working on implementing them).

Keep up your great and important work!

Max
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJO/xOVAAoJEDxYz0BvOJH8E78H/AuS1gSx6Bb7tP3JeqHqZVL0
j0tDSTqW9554CmGA9TmSe5OWc+tbkDc0ULrmr2smNucE8NOT/ylCEr5Ck/JR7ra1
nwILRzrjVwV5MyOrOgtsAce57+K/SFQCBo4N+mdhOOIMfcMnjxDWr3LVFkdO0PQ4
/eP2Zfuj7aDj3nHDiG8ipqnYlfg+bCPxEcx93dHyHqf8LIuPfYBTVp7v6T+ntLKI
q1HI3INqvjpMdcbOtbPSAXqXci6kIK2Y6v5gfXD5v3qI0LDW81wL5mFV5vUvRT0p
cUc8AxYoxjsK7E+JXGBmihdrGgO6GXxfyRIcR5eHZCHRqRA78wPP0fBIj0CwrnY=
=xyJ5
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list