[tor-dev] Email Bridge Distributor Interactive Commands

Sat Jul 26 08:36:45 UTC 2014

On Sun, Jul 20, 2014 at 06:07:03PM -0400, Philipp Winter wrote:
> On Sun, Jul 20, 2014 at 06:52:44PM +0000, Matthew Finkel wrote:
> > So, the questions I am posing to those in the community who has an
> > opinion about this: What do you think? What problems do you currently
> > have with this?  How can this be improved?
> 
> Non-technical users might be confused by the parameters.  Perhaps we
> could drop the "transport" parameter and have the following flat
> hierarchy?
>   get vanilla
>   get ipv6
>   get obfs3
>   get fte
>   get scramblesuit
>   etc
> 

So you think we should accept (roughly) the regex "^.*(\w*)$" and
return bridges based on the last token? I think we can do something
like this. I do think, based on other responses, that we have some
other open questions, though. Listing multiple token on a single will
become more difficult, but we can figure something out.

> An even simpler option would be to also drop "get" and simply look for
> the keywords "vanilla", "obfs3", ... in the email subject and body.
> 
> Also, if the user fails to form a valid email, I think we should still
> reply with a set of bridges.

This is a tricky problem:

  "I'm TorBrowser, I know about N bridges, but I don't know which ones
   I should use, so I will pick a few and try them."

  "I'm <adversary>. Wow, look at this traffic coming from
   <ip address>! That looks odd, I see this traffic that looks like
   Tor, BLOCK! And another flow that looks like obfs2, BLOCK! and
   another that looks like...huh, I don't recognize it. Let's play
   it safe. BLOCK!"

Alternatively the adversary could simply detect recognizable tor-flows
and then track all subsequent traffic and see what it does and how
it behaves, thus building a profile of it.

We need to be very careful about blindly giving out different
transports together. We can default to a few obfs3 bridges, though,
instead of obfs3, scramblesuit, and fteproxy.

The above example is obvious contrived, and my not be used (often), but
it is a risk, and I'm mostly against playing that game unless we are
significantly harming peoples' abilities to access the internet.

Thanks for the feedback Philipp, very much appreciated!