I think that tor is not designed to enable you to hide the fact you are using tor from an adversary. And that technologies like bridges are there to enable you to get out, not to hide the fact that you are getting out or may have in the past or may in the future. That is to say; methods for avoiding DPI are not there to hide your intent but rather to obfuscate that intent such that its not so easy to spot by non-heuristic DPI systems.
I may be wrong about this, what do I know? If I am correct me. Is *any* connection outside of your country a problem? Could you run your own bridge hosted outside of your country geographically? ----- Original Message ----- From: ithor [mailto:it...@protonmail.com] Sent: Wednesday, October 03, 2018 09:41 AM To: tor-talk@lists.torproject.org <tor-talk@lists.torproject.org> Subject: [tor-talk] ascertain trustworthyness of entry-nodes and obfs4 bridges? Hi, when living under an oppressive regime with draconian Internet censorship, it is crucial for me to be able to connect to the Tor network without arousing any suspicion and to be sure I'm not connecting to a malicious entry-node or obfs4 bridge. The only way for me to bypass DPI is to use either the meek_azure bridge (which will be pulled) or the private obfs4 bridges (the public ones or those integrated in TBB are obviously blacklisted) I guess that connecting to Tor through meek_azure is as safe as it can get, but how can I be sure about the obfs4 bridges ? You know, I need to try at least 4 or 5 obfs4 bridges before I find one that actually works. That means that the others are either down or already blacklisted by the gvt apes. This means I'm already broadcasting the fact that I'm trying to connect via a obfs4 Tor bridge. Not very anonymous indeed ... So would there be a way to (pen-?)test a private obfs4 bridge as being non blacklisted and actually usable without really trying to connect to it and alarming my ISP and DPI the like ? This seems like an overlooked security and privacy issue with a lot of possible consequences. Same thing for the entry-nodes. How can I know for sure the randomly selected one isn't rune by some gvt trol ? Would it be possible for people like me to have a small list of absolutely trustworthy entry-nodes I could manually set as entry-node ? Sent with [ProtonMail](https://protonmail.com) Secure Email. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
