woar zitte?
On Sat, May 26, 2012 at 8:03 AM, Roger Dingledine <a...@mit.edu> wrote: > On Fri, May 25, 2012 at 06:07:35PM +0200, pro...@secure-mail.biz wrote: >> If I understand correctly, a bridge will be used as the first of three hops. > > Yes. See also Item #2 on > https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges > including proposal 188: > https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/188-bridge-guards.txt > >> While users in non-censored areas can will use a certain amount of entry >> guards, users in censored areas get only three bridges per mail. >> >> The entry guard users are more unlikely to suffer from unstable (goes >>offline) entry guards and blocking is also no issue. I read, that 80% >>of all bridges are blocked. > > Bridges are basically not blocked at all outside of China. In China, > Tor is currently blocked by protocol. See Philipp Winter's "How China > Is Blocking Tor", as well as > https://blog.torproject.org/blog/knock-knock-knockin-bridges-doors > > (Pluggable transports like obfsproxy continue to work fine in China.) > >> Therefore I think it's safe to assume that >>2 of 3 bridges, bridgedb gives out to users, are already blocked. And >>over time probable also that bridge will get blocked and the user has >>to request new bridges. >> >> That means, that bridge users rotate their first hops more often than >>entry guard users. Is that true? > > Depends how much they care to use Tor. Rotation in the bridge case is > manual, and rotation in the entry guard case is automated. > >> If that is true, that also means, that bridge users are sufficiently >>more vulnerable to attacks, which are circumvented by entry guards? > > They're probably more vulnerable, but I don't know if I'd say > "sufficiently". There are a lot of attacks to balance. I would worry > just as much about "most bridge users don't know the identity fingerprint > of their bridge": > https://trac.torproject.org/projects/tor/ticket/2764 > https://trac.torproject.org/projects/tor/ticket/4624 > https://blog.torproject.org/blog/different-ways-use-bridge > and I'd probably worry even more about "there are different requirements > to get the Guard flag than there are to sign up as a bridge": > https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters > http://cacr.uwaterloo.ca/techreports/2012/cacr2012-11.pdf > > Seems to me that the current bridge approach is unmanageable, because we > need more varied bridge addresses, better transports, better distribution > strategies, etc: > https://blog.torproject.org/blog/bridge-distribution-strategies > https://blog.torproject.org/blog/strategies-getting-more-bridge-addresses > https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges > https://blog.torproject.org/blog/research-problem-five-ways-test-bridge-reachability > https://blog.torproject.org/blog/obfsproxy-next-step-censorship-arms-race > > Stay tuned to http://freehaven.net/anonbib/ for more. > > --Roger > > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
