[tor-dev] How to present multiple meek backends in Tor Launcher?
david at bamsoftware.com
Tue Aug 5 15:55:15 UTC 2014
On Tue, Aug 05, 2014 at 11:07:57AM -0400, Mark Smith wrote:
> On 8/3/14, 2:37 AM, David Fifield wrote:
> >On Sat, Aug 02, 2014 at 11:28:08PM -0700, David Fifield wrote:
> >>I made some test meek bundles that are capable of using the Amazon
> >>CloudFront CDN as a backend, in addition to Google App Engine that was
> >>supported before.
> >>To test it, go to the pluggable transport screen, and choose
> >>"meek-amazon" from the selection box.
> >I opened a ticket to discuss how this user interface can be improved.
> >While it's easy to add new entries like this (see
> >I'm worried that it's not so clear for most users. On what are they
> >supposed to base their decision? How could it be better?
> >A possibility is that we could include just one option in the bundles,
> >and distribute the others from BridgeDB or support assistants.
> Would it be possible (and safe for users) for meek to try Google and then
> try Amazon upon failure? It seems like that is what users will need to do
> themselves, unless they have access to other information such as
> "meek-google is not a good choice in my country but meek-amazon might work."
It would be possible (it's just one more layer on top of everything). To
probe both would create a little distinguishability: a censor could
block first connection attempts to Google (while allowing later
attempts), and see if the user tries immediately connecting to Amazon
when the Google connection fails.
If we auto-probe backends, we would want to keep the property that you
can configure your front from Tor Launcher. I was in an environment once
where www.google.com was blocked but fonts.googleapis.com was not. I was
able to connect by changing the Bridge line from
Bridge meek 0.0.2.1:1 url=https://meek-reflect.appspot.com/ front=www.google.com
Bridge meek 0.0.2.1:1 url=https://meek-reflect.appspot.com/ front=fonts.googleapis.com
More information about the tor-dev