[tor-dev] Tor Launcher settings UI feedback request

[adrelanos]

Andrew Lewman:
> On Fri, 3 May 2013 16:05:15 -0400
> "Runa A. Sandvik" <runa.sandvik at gmail.com> wrote:
> 
>> I disagree. The Tor help desk sees a ton of requests from users saying
>> that Tor is unable to connect, and the simple fix is to give them a
>> bridge or two. Not all users know what they need to connect, and not
>> all users will know the difference between bridge, obfs2, and obfs3.
> 
> One answer is the user shouldn't care. Tor Browser should automatically
> loop through the various kinds of connectivity and just connect.
> non-obfs bridges really should get wholly replaced with obfs bridges en
> masse. 

Probing doesn't work well for people in countries where using Tor is
dangerous.

I think you should completely drop the "hide Tor from your ISP, because
it's dangerous in your country" use case. It's an arms race you already
lost and conceptually always can easily lose against endless data
retention with retroactive policing. Even if you had a perfect
unbreakable obfsproxy working perfectly for private bridges, 100% always
hiding Tor would still be a complicated bootstrap problem no regular
user in those countries won't be able to solve.

Quote Jacob Appelbaum (in context of private obfuscated bridges) [1]

> Some pluggable transports may seek to obfuscate traffic or to morph
it. However, they do not claim to hide that you are using Tor in all
cases but rather in very specific cases. An example threat model
includes a DPI device with limited time to make a classification choice
- so the hiding is very specific to functionality and generally does not
take into account endless data retention with retroactive policing.

[1] https://mailman.boum.org/pipermail/tails-dev/2013-April/002950.html