[tor-dev] Flash proxy deployment

Philipp Winter identity.function at gmail.com
Fri Jul 13 10:09:51 UTC 2012

Perhaps, the flash proxy concept could also be used for bridge reachability
scanning [1].

Web sites could embed JavaScript code which tries to establish a connection to a
provided bridge. The result (reachable or not) is then sent back. When users
from different censoring countries visit one of these web sites, they scan the
given bridge and report whether it is reachable or not from their vantage point.
That way, we could get a more detailed idea of which bridges are blocked and
where. This would open the gates for reputation-based bridge distribution
strategies [3].

Naturally, there are problems:

- How do we give the bridges to be scanned to the web site visitors without
  making it easy to enumerate them?

- Bridges are not just blocked on the IP layer but also on the TCP layer or
  during the SSL handshake. Flash/WebSockets lack the flexibility to do
  fine-grained scanning across protocol layers. Maybe this problem could be
  solved by the web server impersonating proposal [2].

- Web site visitors need to get the script as well as the bridges to scan from
  somewhere. This "somewhere" can be blocked. In order to avoid that, the script
  could be hosted on a large provider which the censor is unwilling to block.

- Making web site visitors scan bridges without their knowledge or informed
  consent is problematic.

I don't have a lot of faith in this idea but I figured it would be worth posting
it here.

[1] https://blog.torproject.org/blog/research-problem-five-ways-test-bridge-reachability
[2] https://lists.torproject.org/pipermail/tor-dev/2012-June/003673.html
[3] http://freehaven.net/anonbib/#proximax11

More information about the tor-dev mailing list