Opened 5 years ago

Last modified 6 weeks ago

#10314 new task

Think of strategy for deprecating pluggable transports (e.g. obfs2)

Reported by: asn Owned by:
Priority: Medium Milestone:
Component: Obfuscation/Pluggable transport Version:
Severity: Normal Keywords:
Cc: dcf, isis, sysrqb, yawning, pablo@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently, most bridges (the 70%) run obfs3+obfs2 and the rest run only obfs2.

China has an active probing module for obfs2 and not for obfs3, so using obfs2 in China is bad currently. It doesn't allow you to bypass censorship and it might also burn the bridge (if they ever decide to do IP-based censorship and not IP/TCP-based censorship).

We should think of how to deprecate obfs2. A good starting point would be to completely remove it from obfsproxy (by removing the code) and also stop suggesting it via BridgeDB.

We should think if there are any problems with the above approach, and how we can improve it.

Child Tickets

Change History (15)

comment:1 Changed 5 years ago by asn

Component: Firefox Patch IssuesPluggable transport

comment:2 in reply to:  description Changed 5 years ago by arma

Replying to asn:

Currently, most bridges (the 70%) run obfs3+obfs2 and the rest run only obfs2.

Is the 70% evenly distributed, or for example is it the case that the amazon cloud bridges upgraded but nobody else did?

comment:3 Changed 5 years ago by lunar

obfs2 is bad everywhere and not only in China. It should be deprecated as soon as we can.

comment:4 Changed 5 years ago by arma

Have we taken it out of the pt tbb? And by 'it' I mean the preconfigured obfs2 bridges?

comment:5 in reply to:  4 Changed 5 years ago by asn

Cc: dcf added

Replying to arma:

Have we taken it out of the pt tbb? And by 'it' I mean the preconfigured obfs2 bridges?

No, we haven't. We probably should. I CC'ed David who is making the bundles.

comment:6 Changed 5 years ago by dcf

Our torrc has 11 obfs2 bridges and only 2 obfs3. (And those 2 are different ports on the same IP.) Do you want to get rid of all 11 and keep only the 2? Should we add some more obfs3 bridges to the configuration first?

https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/blob/022ec7a7b5222c71f4990f34e49d9d7b93675b77:/Bundle-Data/pluggable-transports/linux-pt-torrc

comment:7 Changed 5 years ago by runa

The Tor Cloud images should also be updated to only set up a normal bridge and obfs3.

comment:8 Changed 5 years ago by asn

David, I sent an email to the operators of the current PTTBB obfsbridges suggesting them to upgrade to obfs3. Let's see how it goes.

Runa, how can we do this?

comment:10 Changed 5 years ago by isis

Cc: isis added

comment:11 Changed 5 years ago by sysrqb

Cc: sysrqb added

comment:12 Changed 5 years ago by yawning

Cc: yawning added

comment:13 Changed 4 years ago by p4blog

Cc: pablo@… added

comment:14 Changed 2 years ago by dcf

Severity: Normal

Closing this because obfs2 has been pretty effectively deprecated, and now obfs3 has mostly given way to obfs4.

comment:15 Changed 6 weeks ago by cohosh

tickets were assigned to asn, setting them as unassigned (new) again.

Note: See TracTickets for help on using tickets.