Discussion:
[tor-talk] ascertain trustworthiness of entry-nodes and obfs4 bridges?
ithor
2018-10-03 08:41:29 UTC
Hi,
when living under an oppressive regime with draconian Internet censorship, it is crucial for me to be able to connect to the Tor network without arousing any suspicion and to be sure I'm not connecting to a malicious entry-node or obfs4 bridge.
The only way for me to bypass DPI is to use either the meek_azure bridge (which will be pulled) or the private obfs4 bridges (the public ones or those integrated in TBB are obviously blacklisted).
I guess that connecting to Tor through meek_azure is as safe as it can get, but how can I be sure about the obfs4 bridges?
You know, I need to try at least 4 or 5 obfs4 bridges before I find one that actually works. That means that the others are either down or already blacklisted by the gvt apes. This means I'm already broadcasting the fact that I'm trying to connect via an obfs4 Tor bridge. Not very anonymous indeed...
So would there be a way to (pen-?)test a private obfs4 bridge as being non-blacklisted and actually usable without really trying to connect to it and alarming my ISP, DPI and the like?
This seems like an overlooked security and privacy issue with a lot of possible consequences.
Same thing for the entry-nodes. How can I know for sure the randomly selected one isn't run by some gvt troll? Would it be possible for people like me to have a small list of absolutely trustworthy entry-nodes I could manually set as entry-node?

Sent with [ProtonMail](https://protonmail.com) Secure Email.
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi
marvel
2018-10-03 09:58:47 UTC
I think that tor is not designed to enable you to hide the fact you are using tor from an adversary. And that technologies like bridges are there to enable you to get out, not to hide the fact that you are getting out or may have in the past or may in the future. That is to say, methods for avoiding DPI are not there to hide your intent but rather to obfuscate that intent such that it's not so easy to spot by non-heuristic DPI systems.

I may be wrong about this, what do I know? If I am, correct me.

Is *any* connection outside of your country a problem? Could you run your own bridge hosted outside of your country geographically?



Andreas Krey
2018-10-03 10:23:27 UTC
On Wed, 03 Oct 2018 08:41:29 +0000, ithor wrote:
...
Post by ithor
So would there be a way to (pen-?)test a private obfs4 bridge as being non-blacklisted and actually usable without really trying to connect to it and alarming my ISP, DPI and the like?
Obviously not. To test that you need to try to connect to it and
consequently risk running into a block.

For the paranoid: The firewall operator might just as well just log who
is using known bridge (incl. obfs4) addresses but let the connections
pass to just see who is using tor.
Post by ithor
This seems like an overlooked security and privacy issue with a lot of possible consequences.
It's not as much overlooked but almost impossible to avoid. The only
is/was domain fronting on a cloud provider and might be encrypted SNI
once that itself is widely deployed - only then do you look the same
as regular internet users.

On the other hand, the question is whether using tor itself is outlawed or raising suspicion in your country.
Post by ithor
Same thing for the entry-nodes. How can I know for sure the randomly selected one isn't run by some gvt troll?
By knowing and trusting the operator. That's the reason tor stopped
swapping entry nodes around - the fewer you use the lower the risk.

Also, geographic selection: Depending on the country of the relay,
trolls are unlikely to report to your gvt.

- Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
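
The point in the reply above, that using fewer entry nodes lowers the risk, can be checked numerically. This is an added example, not part of the original thread or of Tor's code; the adversarial share `f`, the rotation periods and the guard counts are constructed values, and every guard pick is modelled as an independent draw.

```python
import random


def guard_picks(days, rotation_days, guards_in_use=1):
    """Number of guard selections a client makes over `days`."""
    periods = -(-days // rotation_days)  # ceiling division
    return periods * guards_in_use


def p_exposed(f, picks):
    """Chance that at least one of `picks` independent selections is hostile.

    `f` is the share of guard selection probability held by the adversary.
    """
    return 1.0 - (1.0 - f) ** picks


def simulate(f, picks, clients=20000, seed=1):
    """Monte Carlo check of p_exposed(): fraction of simulated clients
    that picked a hostile guard at least once."""
    rng = random.Random(seed)
    exposed = sum(
        any(rng.random() < f for _ in range(picks)) for _ in range(clients)
    )
    return exposed / clients


if __name__ == "__main__":
    F = 0.05      # constructed: adversary holds 5% of guard capacity
    YEAR = 365
    # Constructed policies: frequent rotation with several guards in use,
    # versus one long-lived guard kept for the whole year.
    policies = {
        "3 guards, rotated every 30 days": guard_picks(YEAR, 30, 3),
        "1 guard, kept for the year": guard_picks(YEAR, YEAR, 1),
    }
    for name, picks in policies.items():
        print(f"{name}: {picks} picks, "
              f"P(hostile guard at least once) = {p_exposed(F, picks):.3f} "
              f"(simulated {simulate(F, picks):.3f})")
```

A long-lived guard does not make any single pick safer; it only limits how many times the client rolls the dice, which is why most clients are never exposed while a frequently rotating client almost certainly is.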
ithor
2018-10-03 11:36:25 UTC
Ok, so basically I have to stick with trust... kinda dangerous really in my geographical location.

I know there's a lot of talk about the pro and contra of using some kind of VPN before entering the Tor network, how it can deanonymize you and how you basically still have to trust someone.

But still, in order to defeat the possibility of a malicious entry-node or to avoid having my IP broadcasting I'm connecting to blacklisted obfs4 bridges, wouldn't a "trustworthy" VPN tackle that issue? I'm thinking of providers that employ a mix of obfuscating servers, like PSIPHON. It obfuscates an SSL layer with an HTTP one and is conceived especially for activists living under censorship.

So ok, one could state: maybe most of the IPs of those servers (even being over 6000 worldwide) are known to the gvt trolls and they're just letting you through in order to get information about you. That's right, but then one should add another security layer by connecting over public wifi and not home router and e.g. spoofing MAC addresses at every connection.

It would still be a protecting layer before connecting to the entry-node, even over an obfs4 bridge.



Mirimir
2018-10-04 22:26:49 UTC
Post by ithor
Ok, so basically I have to stick with trust... kinda dangerous really in my geographical location.
I know there's a lot of talk about the pro and contra of using some kind of VPN before entering the Tor network, how it can deanonymize you and how you basically still have to trust someone.
But still, in order to defeat the possibility of a malicious entry-node or to avoid having my IP broadcasting I'm connecting to blacklisted obfs4 bridges, wouldn't a "trustworthy" VPN tackle that issue? I'm thinking of providers that employ a mix of obfuscating servers, like PSIPHON. It obfuscates an SSL layer with an HTTP one and is conceived especially for activists living under censorship.
So ok, one could state: maybe most of the IPs of those servers (even being over 6000 worldwide) are known to the gvt trolls and they're just letting you through in order to get information about you. That's right, but then one should add another security layer by connecting over public wifi and not home router and e.g. spoofing MAC addresses at every connection.
It would still be a protecting layer before connecting to the entry-node, even over an obfs4 bridge.
From devices that are identifiably mine, and not some ~anonymous VPS, I
only connect to Tor via nested VPN chains, typically three deep. Some
VPN providers, such as IVPN, even offer obfs4 tunneling. Others, such as
AirVPN, offer SSH and TLS.

It's not prudent to trust VPN services, any more (or less, really) than
it is to trust any particular Tor relay. Or any particular ISP, for that
matter. But with three VPN services in a nested chain, adversaries would
need data from at least two of them. And they'd need to work through the
chain, from one end or the other. Or do traffic analysis.

<SNIP>