The service The latest TorBrowser alpha uses to connect to obtain the bridges “BridgesDB" has been down for a while, so I can not test this. It should be up and running before the stable is ready.
> On Apr 29, 2018, at 9:21 PM, Nathaniel Suchy (Lunorian) <m...@lunorian.is> > wrote: > > So the concerns I brought up are already addressed in an upcoming update? > > Cheers, > Nathaniel > > Jacki M: >> Torbrowser 8a3 added moat which I’m actually fetches new bridges, without >> requiring you to go to bridges.torproject.org. >> >> Bug 23136: Moat integration (fetch bridges for the user) >> Download the latest alpha https://dist.torproject.org/torbrowser/8.0a6/ >> Remember this is an alpha and should only be used for testing purposes, moat >> should be included in the next major stable. >> Sent from my iPad >> >>> On Apr 29, 2018, at 12:41 PM, Nathaniel Suchy (Lunorian) <m...@lunorian.is> >>> wrote: >>> >>> Thank you for clarifying that. The obfs4 bridges you can get at >>> bridges.torproject.org also pose an interesting risk, the ports each >>> Bridge IP Address is using seem to be non-standard, I'm in the US and >>> most networks I am at do not censor although sometimes certain ports at >>> public wifi networks are blocked, could a threat actor threatening you >>> or tor users in general realize an IP Address was a Tor Bridge by >>> identifying a large amount of traffic to a non-standard port on random >>> datacenter IP Addresses? >>> >>> You can tell Tor Browser your Firewall only allows connections to >>> certain ports which I assume when used with bridges would help further >>> hide the fact you are using Tor. >>> >>> The fact I email here obviously shows I am a Tor user, although I'd like >>> more technical measures built into Tor Browser to obfuscate the times I >>> am using Tor. >>> >>> Cheers, >>> Nathaniel Suchy >>> >>>>> On 4/29/18 2:36 PM, Matthew Finkel wrote: >>>>> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) >>>>> wrote: >>>>> I see that Tor Browser, for users who are censored in their country, >>>>> work, or school (or have some other reason to use bridges) has a variety >>>>> of built in bridges. Once of those are the OBFS4 bridges. My first >>>>> thought would be these are hard coded, of course giving everyone the >>>>> same set of bridges is bad right? >>>> >>>> Currently this is how it works, yes. It is not ideal, and there is >>>> on-going development work for rolling out a more scalable method. >>>> >>>>> Then a bad actor could download Tor >>>>> Browser, get the list, and null route the IPs on their network(s). Also >>>>> these bridges could get quite crowded. Are the bridges being used to >>>>> fetch other bridges, or something else? How does Tor Browser handle >>>>> these risks / technical issues? >>>> >>>> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser. >>>> It is also true many of those default bridges are overloaded. >>> >>> -- >>> tor-talk mailing list - tor-talk@lists.torproject.org >>> To unsubscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
