[tor-dev] design for a Tor router without anonymity compromises

coderman coderman at gmail.com
Sun May 3 11:12:59 UTC 2015


On 5/3/15, intrigeri <intrigeri at boum.org> wrote:
> ...
> Just to clarify, the threat model explicitly doesn't include "Attacker
> is able to reconfigure Tor on a client system to use an arbitrary set
> of bridges", right?

correct.

neither bridges nor pluggable transports are supported. i have added a
FAQ entry for this. thanks!

in the future, it would be useful to have a way to securely distribute
bridges or obfuscated proxies to trusted users on the local network.
however, this is not a trivial task, and you'd want to avoid
compromising all of your bridges at once if a failure occurs.


last but not least, if your attacker is coordinating the attack over
Tor, obviously this cannot be thwarted at the local network level by a
Tor router device. host security is critical, even with a
Tor-enforcing router as backup. that's a longer subject i need to think
about more before writing anything useful.


best regards,

