[tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!

s7r s7r at sky-ip.org
Fri Jan 21 13:43:20 UTC 2022

juckiuscaesar at web.de wrote:
> Hi,
> Setting up more and more obfs4 bridges is fine, but it literally took me 
> 1 hour to get a bridge supporting iat-mode=2 through 
> https://bridges.torproject.org (that is knowing how to circumvent the 
> fingerprinting measures on that site, which are intended to make it 
> harder for adversaries to get bridge IP's), this is unacceptable as this 
> is the only way I can connect to Tor in my country.
> obfs4 has the possibility to obfuscate the packet size and timing of the 
> underlying protocol it obfuscates, so why is almost no bridge using it?
> A call for action is needed, additionally, please also add information 
> about this to the "How to set up a Relay / Bridge" pages.
> Please do something.
> Regards,
> Anonymous

Running in iat-mode=2 requires more than editing the obfs4 bridge config 
in $DATADIRECTORY/pt_state ?

I wonder why it is not possible to have the bridge client negotiating 
the iat-mode when connecting to a bridge. So that all obfs4 bridges 
could run in iat-mode 0, 1 and 2. By reading the obfs4 spec I can see 
only these 3 possible values for iat-mode, is there any other?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220121/3f8e96c0/attachment.sig>

More information about the tor-relays mailing list