[tor-talk] anonymity: bridge users vs. entry guard users
arma at mit.edu
Sat May 26 06:03:10 UTC 2012
On Fri, May 25, 2012 at 06:07:35PM +0200, proper at secure-mail.biz wrote:
> If I understand correctly, a bridge will be used as the first of three hops.
Yes. See also Item #2 on
including proposal 188:
> While users in non-censored areas can will use a certain amount of entry guards, users in censored areas get only three bridges per mail.
> The entry guard users are more unlikely to suffer from unstable (goes
>offline) entry guards and blocking is also no issue. I read, that 80%
>of all bridges are blocked.
Bridges are basically not blocked at all outside of China. In China,
Tor is currently blocked by protocol. See Philipp Winter's "How China
Is Blocking Tor", as well as
(Pluggable transports like obfsproxy continue to work fine in China.)
> Therefore I think it's safe to assume that
>2 of 3 bridges, bridgedb gives out to users, are already blocked. And
>over time probable also that bridge will get blocked and the user has
>to request new bridges.
> That means, that bridge users rotate their first hops more often than
>entry guard users. Is that true?
Depends how much they care to use Tor. Rotation in the bridge case is
manual, and rotation in the entry guard case is automated.
> If that is true, that also means, that bridge users are sufficiently
>more vulnerable to attacks, which are circumvented by entry guards?
They're probably more vulnerable, but I don't know if I'd say
"sufficiently". There are a lot of attacks to balance. I would worry
just as much about "most bridge users don't know the identity fingerprint
of their bridge":
and I'd probably worry even more about "there are different requirements
to get the Guard flag than there are to sign up as a bridge":
Seems to me that the current bridge approach is unmanageable, because we
need more varied bridge addresses, better transports, better distribution
Stay tuned to http://freehaven.net/anonbib/ for more.
More information about the tor-talk