On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote: > I see that Tor Browser, for users who are censored in their country, > work, or school (or have some other reason to use bridges) has a variety > of built in bridges. Once of those are the OBFS4 bridges. My first > thought would be these are hard coded, of course giving everyone the > same set of bridges is bad right?
Currently this is how it works, yes. It is not ideal, and there is on-going development work for rolling out a more scalable method. > Then a bad actor could download Tor > Browser, get the list, and null route the IPs on their network(s). Also > these bridges could get quite crowded. Are the bridges being used to > fetch other bridges, or something else? How does Tor Browser handle > these risks / technical issues? Indeed "Bad actors" could block the bridges hard-coded in Tor Browser. It is also true many of those default bridges are overloaded. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
