[Noisebridge-discuss] oh sysadmins of noisebridge, i have a question for ye

Fri Jun 26 22:06:22 UTC 2009

wrt to bridges, the tor website says "Since there is no complete
public list of them, even if your ISP is filtering connections to all
the known Tor relays, they probably won't be able to block all the
bridges." while it may be true that they wont be able to block all of
them, the way i see it is that an end user need to find the bridge IPs
from somewhere. cant whoever doing the blocking also use the same
means to discover such IPs? this is of course not a problem with tor
but exist in all such distribution of proxy servers. even in p2p
networks, you have some sort of bootstrapping that needs to happen,
which can be hindered by traffic filtering.

thanks,

ian

On Fri, Jun 26, 2009 at 2:14 PM, Jacob Appelbaum<jacob at appelbaum.net> wrote:
> Ian wrote:
>> jake,
>>
>> thanks for your well constructed response. i agree with you that tor
>> is the superior technology in terms of anonymity.
>
> I think it's better for security, privacy and many other things; it's
> not just about anonymity. Anonymity just happens to be an essential
> component in those other desired buzzwords.
>
>>although i dont know
>> the details of this, is it possible for iran to block ips/ports so
>> that iranian citizens cannot use tor? i would imagine there was a
>> reason why they would ask for proxies in addition to tor. it could
>> also be hard for some people to get the tor client software.
>
> First of all, it's possible to configure Tor to use a proxy first
> (usually this is for corporate networks but in principle it will work
> when a user needs a proxy in other cases). This is a simple access
> issue. You'll still get all of the useful Tor security properties.
> Though that may seem odd, I assure you that this is not so bad.
>
> Additionally, the answer to your question is: Yes, the Iranian telecoms
> can filter Tor's server list and block access. This is precisely why we
> took the next step in the arms race and implemented bridging. If you use
> a bridge, it's essentially the same as using a private (not in a
> directory) proxy as your first hop:
> https://www.torproject.org/bridges.html
>
> Here's a few bridges to get you started:
> http://bridges.torproject.org/
>
> If you don't have a copy of Tor, you can always request it via email:
> https://www.torproject.org/finding-tor#Mail
>
>> whatever the reason, i hear you on all the complications of one-hop
>> proxies. i was thinking that they would be ssl and no logs be kept on
>> the server. it is, however, a high-risk proposal which is why i asked
>> for everyone's input.
>>
>
> Let me know when your Tor server is up and running! I'm more than happy
> to let you know it's working properly. :-)
>
> Best,
> Jake
>