[tor-talk] obfs4

[Justin Davis]

Hi,
I think I may have thought of how some DPI boxes are blocking obfs4
and other "look like nothing" transports.
I think the amount of users using a bridge will cause the packet
interarrival times to change significantly. For example, a bridge
under heavy load would have a slower response time, and maybe other
differences. A bridge under light load would have a quicker
interarrival time. So when a user tries to use obfs4, the middlebox
looks for packets with very high entropy, then matches those high
entropy packets with a timing signature of heavy load bridges. Other
filter companies that are smarter will also have a calculated value
for low use bridges, but some do not. If the filter company has not
considered that a low use bridge could have a different timing
signature, then those bridges will probably work. Maybe my idea isn't
quiet right, if anyone has improvements they are welcome.
Thanks,
Justin.