[tor-talk] Using a public relay as a bridge?

Roger Dingledine arma at mit.edu
Sat Jan 13 05:40:10 UTC 2018


On Fri, Jan 12, 2018 at 04:25:58PM +0100, Marco Gruß wrote:
> the other day I just for the fun of it tried using a public
> relay as a non-obfuscated bridge - it actually works.

There are actually still some subtle bugs, e.g.
https://trac.torproject.org/1776
(I know it's closed, but I think that's just as because it is a
rarely used configuration, not because it's actually fixed)
https://trac.torproject.org/2998
and my most recent favorite,
https://trac.torproject.org/20531

So, it mostly works, but if you want this behavior, it is much better
to set your EntryNodes option to the relay you want to use.

> Curious: Would be using a public relay I implicitly trust
> (operated by a friend, operated by me, operated by the NSA)
> as a bridge be a good or a bad idea?

It depends! If you know they're safe to use, yes it's better to use
a trusted node as your first hop. Except, if the adversary guesses
that you think they're safe to use, then no it's worse, because what
if they run some middle relays and try to draw conclusions about the
circuits they see coming from your favorite relay. Also, even if you
totally trust the relay, you need to consider the network in between
your current location and that relay. Traffic routing can be surprising,
e.g. on the route from Bolivia to Brazil you might go through Miami.

For an entire paper on this topic (spoiler: it doesn't give you a concrete
answer either), check out
https://www.freehaven.net/anonbib/#ccs2011-trust

--Roger



More information about the tor-talk mailing list