[tor-talk] Bridges that can't be discovered by their own clients

distractedtokyo at elude.in
Fri Aug 25 20:06:11 UTC 2017


Hi,

Say you have a LAN and provide connectivity into Tor via a bridge. You
don't want users to identify where your bridge is, but you want to provide
them direct access into the Tor network. You disable fingerprint
publishing and they use a fixed LAN IP to provide connectivity out of.

Can they then take the fingerprint they see when talking to the bridge and
compare it to a relay that they own and find the bridge's public and
"real" IP?

If this doesn't work, is there any known way to provide connectivity where
the clients cannot figure out where the connectivity is coming from? Like
in the case of hidden hosting?

Preferably in a way where you torify all traffic but they can host their
own hidden services without a double-Tor penalty (hence the bridge idea).

Thank you!


