[tor-relays] Prepping bridges for censorship

Keifer Bly keifer.bly at gmail.com
Sat Jun 23 00:20:23 UTC 2018


Yes, that’s a good point. I just thought that on observing that, it might be too easy for a censoring ISP to block Tor just by blocking the ports the relays usually listen on, or identify Tor easily by port number even when using obfuscated bridges. Good point though, thanks.

Sent from my iPhone

> On Jun 22, 2018, at 4:40 PM, teor <teor2345 at gmail.com> wrote:
> 
> Hi,
> 
> (This thread has a lot of top-posting, so I cut the context.)
> 
>> On 23 Jun 2018, at 06:54, Matthew Glennon <matthew at glennon.online> wrote:
>> 
>> No - and I don't think a standard port should be chosen. Tor comes with defaults and that's probably good enough. Keep them if you want, or customize them to fit your situation - the consensus has no problem adjusting to your custom port numbers. On the contrary, allowing a bad actor to know (for sure) what port a Bridge is using is bad news for the security of the network as a whole. It's a much better idea to let the Bridge Operator adjust the port number to their situation since they have to advertise the port to their subscribers externally anyway. For Guards, it doesn't really matter since the IP/Port pair is listed in the consensus.
> 
> Last time I checked:
> About 40% of relays were on 9001/9030 (the defaults)
> About 40% of relays were on 80/443 (the HTTP ports)
> The rest were on other ports
> 
>> Using 443/80 really doesn't matter if you intend to run a Middle - since tor <-> tor shouldn't be a problem.
>> There's no real downside to using 443/80 on a Guard; you may very well be available to more clients as a result of using it.
> 
> Using 80/443 on a guard makes some middleboxes think they can modify your traffic.
> Instead, the modification breaks Tor's security guarantees, so Tor clients can't
> connect.
> 
> Having a range of ports for guards is good for the network and good for clients.
> The same arguments apply to bridges.
> 
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

