[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?
isis at torproject.org
Mon Jul 28 01:59:46 UTC 2014
Mirimir transcribed 2.8K bytes:
> On 07/24/2014 08:38 PM, Matthew Finkel wrote:
> > Another distribution method is currently being written and we will
> > write others in the future, but please help us provide another way
> > (yes, you, please help us if the current situation is unsatisfactory!).
> > The more people we can safely help, the better.
> In wiki:org/projects/projectM/brainstorming I see "Better support for
> "Proximax" scheme". But I haven't found anything in trac.torproject.org
> that mentions the DNS-based fast flux approach presented in McCoy et al.
> (2011). For example, I see nothing about that in ticket 7520.
> Has the DNS-based fast flux approach been explicitly rejected?
> If so, why?
> As background, McCoy and coworkers explain:
> | As previously stated, each registered user has an individualized
> | host name (which take the form of a unique domain name registered
> | with DNS). In order to make it difficult to discover and ban
> | channels we piggyback on the DNS infrastructure, using a
> | technique, commonly employed by botnets and malware distributors,
> | called fast flux. As part of this technique Proximax will register
> | multiple proxies to the same domain name and uses round-robin DNS
> | along with short Time-To-Live (TTL) values to create a constantly
> | changing list of proxies for that single domain name. This
> | additionally allows Proximax to automatically load balance
> | resources by adding and removing proxies based on current
> | utilization levels.
> Even so, Proximax is vulnerable to adversaries who register multiple
> users, and then block bridge IP addresses that they learn, perhaps at
> plausibly gradual rates. Starzer proposes a defense against such
> adversaries. In his version, each bridge domain name is assigned to a
> group of users. Group reputation increases over time, and
> high-reputation groups preferentially get both new bridge IP addresses
> and new members. Groups are split whenever one of their bridges is
> blocked, and the reputations of both subgroups are reduced. Over time,
> an adversary's users become restricted to increasingly smaller groups
> with increasingly poor reputations.
> I do see similar ideas in trac.torproject.org, but no cites to Michael
> Starzer's masters thesis.
Hey, thanks very much for mentioning that paper! I've somehow not seen it
before. I'm putting it at the top of my reading list. :)
>  wiki:org/projects/projectM/brainstorming
>  McCoy et al. (2011) Proximax: A Measurement Based System for
> Proxies Dissemination
>  Tor ticket 7520 <https://trac.torproject.org/projects/tor/ticket/7520>
>  Starzer, M. (2013) Optimizing Tor Bridge Distribution (Masters
> Thesis) <http://kau.diva-portal.org/smash/get/diva2:608803/FULLTEXT01.pdf>
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
Post scriptum: I would really love it if there were more collaboration between
academics researching these systems and their maintainers/developers. I'm just
going to throw that vague wish out into the void.
♥Ⓐ isis agora lovecruft
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1154 bytes
Desc: Digital signature
More information about the tor-talk