[tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges?

ithor ithor at protonmail.com
Wed Oct 3 11:36:25 UTC 2018


Ok, so basically I have to stick with trust... kinda dangerous really in my geographical location.

I know there's a lot of talk about the pro and contra of using some kind of VPN before entering the Tor network, how it can deanonymize you and how you basically still have to trust someone.

But still, in order to defeat the possibility of a malicious entry-node or to avoid having my IP broadcasting I'm connecting to blacklisted obfs4 bridges, wouldn't a "trustworthy" VPN tackle that issue? I'm thinking of providers that employ a mix of obfuscating servers, like PSIPHON. It obfuscates an SSL layer with an HTTP one and is conceived especially for activists living under censorship.

So ok, one could state: maybe most of the IPs of those servers (even being over 6000 worldwide) are known to the gvt trolls and they're just letting you through in order to get information about you. That's right, but then one should add another security layer by connecting over public wifi and not home router and, for example, spoofing MAC addresses at every connection.

It would still be a protecting layer before connecting to the entry-node, even over an obfs4 bridge.



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, October 3, 2018 10:23 AM, Andreas Krey <a.krey at gmx.de> wrote:

> On Wed, 03 Oct 2018 08:41:29 +0000, ithor wrote:
> ...
>
> > So would there be a way to (pen-?)test a private obfs4 bridge as being non blacklisted and actually usable without really trying to connect to it and alarming my ISP, DPI and the like?
>
> Obviously not. To test that you need to try to connect to it and
> consequently risk running into a block.
>
> For the paranoid: The firewall operator might just as well just log who
> is using known bridge (incl. obfs4) addresses but letting the connections
> pass to just see who is using tor.
>
> > This seems like an overlooked security and privacy issue with a lot of possible consequences.
>
> It's not as much overlooked but almost impossible to avoid. The only
> is/was domain fronting on a cloud provider and might be encrypted SNI
> once that itself is widely deployed - only then do you look the same
> as regular internet users.
>
> On the other hand, the question is whether using tor itself is outlawed or raising suspicion in your country.
>
> > Same thing for the entry-nodes. How can I know for sure the randomly selected one isn't run by some gvt troll?
>
> By knowing and trusting the operator. That's the reason tor stopped
> swapping entry nodes around - the fewer you use the lower the risk.
>
> Also, geographic selection: Depending on the country of the relay,
> trolls are unlikely to report to your gvt.
>
> - Andreas
>
> --
> "Totally trivial. Famous last words."
> From: Linus Torvalds <torvalds@*.org>
> Date: Fri, 22 Jan 2010 07:29:21 -0800
>



