Torbrowser 8a3 added moat which I’m actually fetches new bridges, without requiring you to go to bridges.torproject.org.
Bug 23136: Moat integration (fetch bridges for the user) Download the latest alpha https://dist.torproject.org/torbrowser/8.0a6/ Remember this is an alpha and should only be used for testing purposes, moat should be included in the next major stable. Sent from my iPad > On Apr 29, 2018, at 12:41 PM, Nathaniel Suchy (Lunorian) <m...@lunorian.is> > wrote: > > Thank you for clarifying that. The obfs4 bridges you can get at > bridges.torproject.org also pose an interesting risk, the ports each > Bridge IP Address is using seem to be non-standard, I'm in the US and > most networks I am at do not censor although sometimes certain ports at > public wifi networks are blocked, could a threat actor threatening you > or tor users in general realize an IP Address was a Tor Bridge by > identifying a large amount of traffic to a non-standard port on random > datacenter IP Addresses? > > You can tell Tor Browser your Firewall only allows connections to > certain ports which I assume when used with bridges would help further > hide the fact you are using Tor. > > The fact I email here obviously shows I am a Tor user, although I'd like > more technical measures built into Tor Browser to obfuscate the times I > am using Tor. > > Cheers, > Nathaniel Suchy > >>> On 4/29/18 2:36 PM, Matthew Finkel wrote: >>> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote: >>> I see that Tor Browser, for users who are censored in their country, >>> work, or school (or have some other reason to use bridges) has a variety >>> of built in bridges. Once of those are the OBFS4 bridges. My first >>> thought would be these are hard coded, of course giving everyone the >>> same set of bridges is bad right? >> >> Currently this is how it works, yes. It is not ideal, and there is >> on-going development work for rolling out a more scalable method. >> >>> Then a bad actor could download Tor >>> Browser, get the list, and null route the IPs on their network(s). Also >>> these bridges could get quite crowded. Are the bridges being used to >>> fetch other bridges, or something else? How does Tor Browser handle >>> these risks / technical issues? >> >> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser. >> It is also true many of those default bridges are overloaded. > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk