[tor-talk] How do the OBFS4 "built-in" Bridges work?
Nathaniel Suchy (Lunorian)
me at lunorian.is
Sun Apr 29 19:41:47 UTC 2018
Thank you for clarifying that. The obfs4 bridges you can get at
bridges.torproject.org also pose an interesting risk, the ports each
Bridge IP Address is using seem to be non-standard, I'm in the US and
most networks I am at do not censor although sometimes certain ports at
public wifi networks are blocked, could a threat actor threatening you
or tor users in general realize an IP Address was a Tor Bridge by
identifying a large amount of traffic to a non-standard port on random
datacenter IP Addresses?
You can tell Tor Browser your Firewall only allows connections to
certain ports which I assume when used with bridges would help further
hide the fact you are using Tor.
The fact I email here obviously shows I am a Tor user, although I'd like
more technical measures built into Tor Browser to obfuscate the times I
am using Tor.
Cheers,
Nathaniel Suchy
On 4/29/18 2:36 PM, Matthew Finkel wrote:
> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote:
>> I see that Tor Browser, for users who are censored in their country,
>> work, or school (or have some other reason to use bridges) has a variety
>> of built in bridges. Once of those are the OBFS4 bridges. My first
>> thought would be these are hard coded, of course giving everyone the
>> same set of bridges is bad right?
>
> Currently this is how it works, yes. It is not ideal, and there is
> on-going development work for rolling out a more scalable method.
>
>> Then a bad actor could download Tor
>> Browser, get the list, and null route the IPs on their network(s). Also
>> these bridges could get quite crowded. Are the bridges being used to
>> fetch other bridges, or something else? How does Tor Browser handle
>> these risks / technical issues?
>
> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser.
> It is also true many of those default bridges are overloaded.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20180429/f2c33d2c/attachment.sig>
More information about the tor-talk
mailing list