Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#18068 closed defect (worksforme)

Bridge included in bridge_prefs.js is down

Reported by: cypherpunks Owned by: isis
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-bridges
Cc: isis Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The running flag for bridge AF9F66B7B04F8FF6F32D455F05135250A16543C9 is false.

I have a question, how are these bridges that are included in bridge_prefs.js selected?
Are they just random bridges from the bridgedb? or does the torproject know exactly who is running them personally, and there is zero chance that the bridge operator is running traffic correlation analysis on its users?

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by cypherpunks

Component: - Select a componentBridgeDB
Owner: set to isis

comment:2 in reply to:  description ; Changed 4 years ago by isis

Cc: isis added
Component: BridgeDBTor Browser
Keywords: tbb-bridges added
Resolution: worksforme
Status: newclosed

Replying to cypherpunks:

The running flag for bridge AF9F66B7B04F8FF6F32D455F05135250A16543C9 is false.


Are you sure? The obfs3 one, right? It works for me…

I have a question, how are these bridges that are included in bridge_prefs.js selected?


Volunteers who have "proven" (to us, at least) that they are capable of running fast relays and of making sensible decisions (e.g. not keeping logs, etc), and who volunteer high-capacity Pluggable Transport bridges by contacting us directly are considered for inclusion.

Are they just random bridges from the bridgedb?


Most of Tor Browser's default bridges are not included in BridgeDB, but see also #13727.

or does the torproject know exactly who is running them personally, and there is zero chance that the bridge operator is running traffic correlation analysis on its users?


We do generally know the people running them. However, in my opinion, knowing someone or smelling their armpits or whatever doesn't necessarily imply that person is a good person or trustworthy. :)

For the traffic correlation attack: one, it is the opinion of myself and others in The Tor Project that traffic correlation attacks in the wild (i.e. on the entirety of sites online which a user might be browsing to) are statistically infeasible due to high false positive and false negative rates. There's not much information about user online behaviour to be gained from operating a bridge relay.

comment:3 in reply to:  2 Changed 4 years ago by cypherpunks

Replying to isis:

Great!
Thank you for the reply. I didn't try to connect that bridge, I just ran it by onionoo.torproject.org and the running flag was false at the time. {..., "running":false,"advertised_bandwidth":7534091}.

I should have tested it directly before opening the ticket.

Last edited 4 years ago by cypherpunks (previous) (diff)
Note: See TracTickets for help on using tickets.