I think that I should rephrase myself a little so I don’t cause any confusion.
"Undetectable" is perhaps an overstatement. Usage of bridges like meek are especially difficult to identify by just being a firewall/router admin sniffing bypassing traffic. But some adversaries (we know China does it, see https://blog.torproject.org/blog/learning-more-about-gfws-active-probing-system) also do active probing where they have servers connecting to the destination server of a connection (i.e. the suspected bridge) and try to establish a Tor connection. Meek is espacially powerful against that kind of attack because you only connect to a CDN of either Amazon or Microsoft, looking like a web browser visiting some regular website. Without careful studying of traffic patterns etc., a "man in the middle" can not tell if you’re using Tor or just vising a website. Of course, as we all know, there’s another government which might have some insight into networks of US-based companies. But if you’re primarily worried about third-world country states hosting your bridge, meek might be your preffered choice. On Tue, Nov 08, 2016 at 12:36:23PM +0000, Jason Long wrote: > How can I find a good list of secure Bridge? > > On Tuesday, November 8, 2016 1:38 PM, Jonathan Marquardt > <m...@parckwart.de> wrote: > > > One thing should be clear: > > If one is not using a bridge, it is trivial for any network observer > (University firewall admin, Iran ISP) to see if one is using Tor. However, > with the right bridge setup such a detection can ultimately be prevented. I > guess meek is the best candidate for an undetectable bridge. > > On Mon, Nov 07, 2016 at 09:56:01AM -0800, Seth David Schoen wrote: > > Jason Long writes: > > > > > To be honest, I guess that I must stop using Tor!!!! It is not secure.I > > > can remember that in torproject.org the Tor speaking about some peole > > > that use Tor. For example, reporters, Military soldiers and...But I guess > > > all of them are ads. Consider a soldier in a country that want send a > > > secret letter to his government and he want to use Tor but the country > > > that he is in there can sniff his traffic :( > > > > That soldier has a potential problem if the government is aggressively > > monitoring Internet traffic, because they can look at the time that the > > message was received and ask "who was using Tor in our country at that > > time?". This happened in 2013 when someone sent a bomb threat using > > Tor on his university campus. Apparently he was the only person using > > Tor on campus at the time the threat was sent. > > > > http://www.dailydot.com/crime/tor-harvard-bomb-suspect/ > > > > The ability to do this doesn't require the government to operate any of > > the nodes and doesn't require them to be operated in the same country. > > For instance, Harvard University was able to identify this person even > > though he was using only Tor nodes that were outside of the university's > > network. (It might have been much harder if he had been using a bridge > > that the university didn't know about, or if he had sent the threat > > from somewhere outside of the campus network.) > > > > If there are ways of sending the letter that introduce a delay, then it > > might be harder for the government to identify the soldier because then > > there is some amount of Tor use at a time that's not obviously related > > to the sending of the letter. There might still be a concern that the > > amount of data that the soldier transmitted over the Tor network is > > very similar to the size of the letter, which may be a unique profile. > > (That's a concern for systems like SecureDrop because people upload > > large documents with a unique size; the number of people who transmitted > > that exact amount of information on a Tor connection in a particular > > time frame will be very small.) > > > > There's lots to think about and a good reminder that the Tor technology > > isn't perfect. But I wouldn't agree with the idea that there's no point > > in using Tor. Lots of people are getting an anonymity benefit from > > using it all of the time. > > > > -- > > Seth Schoen <sch...@eff.org> > > Senior Staff Technologist https://www.eff.org/ > > Electronic Frontier Foundation https://www.eff.org/join > > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > > -- > > tor-talk mailing list - tor-talk@lists.torproject.org > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
