[tor-dev] Building better pluggable transports (Google Summer of Code)
tariq.elahi at uwaterloo.ca
Wed May 29 17:17:02 UTC 2013
On 2013-05-29 5:48 AM, Philipp Winter wrote:
> On Tue, May 28, 2013 at 07:55:45PM -0400, Tariq Elahi wrote:
>> 2. Can manipulate (add, delete, change) said traffic in time and data
> The challenge is to predict what can actually be done with these three simple
> atoms. Be it terminating non-whitelisted TCP connections after 60 seconds,
> hijacking TCP connections after authentication or actively probing suspicious
It is challenging to predict, but since the censor is a black box we can
only make assumptions and hope that they are over estimations of the
censor's capabilities, that is if the capabilities can be ordered
(partially or totally).
Also, Tor tries to satisfy a range of users behind a range of censorship
regimes. Circumvention solutions that work with Tor inherit this diverse
user base. Balancing diversity of user base (with censorship regime)
with efficacy of circumvention is something that needs further looking
>> 3. Block *all* information leakage events. This means if even one ILE occurs
>> the circumventor wins.
> I suppose, in practice it's absolutely sufficient to block most of it. Plenty
> of deployed censorship systems are trivial to circumvent by exploiting specific
> DPI shortcomings (should we call it "spear circumvention"?).
I like that. Like a spear it attacks one weak link, but like a spear it
doesn't catch (feed) much.
> But only if you
> have the knowledge to do that. If only the very small technical elite is able
> to bypass the filters, you effectively win.
Going back to the point above, the tech elite are just some of the Tor
user base. If this is who the circumvention system should serve then
awesome. If not then we have more thinking to do.
> There's also a social component. If you, as a censor, can spread enough FUD
> about the national filter, people might not even try to circumvent it.
This is true. FUD works. But I don't think that is something we can
address through technological means, unless we're talking about keeping
ppl anonymous so that they may test the FUD without repercussions.
More information about the tor-dev