Opened 2 years ago

Last modified 9 months ago

#23089 new defect

Most of bridges share the same 3 subnets. What if this subnets got blocked? It will be devastating!

Reported by: cypherpunks Owned by:
Priority: Very High Milestone:
Component: Circumvention/Pluggable transport Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

Change History (11)

comment:1 Changed 2 years ago by cypherpunks

Summary: What if 194.132.0.0/16 and 149.202.98.0/24 get blocked?What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/32 got blocked?

comment:2 Changed 2 years ago by cypherpunks

Summary: What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/32 got blocked?What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?

comment:3 Changed 2 years ago by cypherpunks

Summary: What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?What if 194.132.209.0/24 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?

comment:4 Changed 2 years ago by cypherpunks

It seems like you disclose some information fetched from bridges.tpo, please don't do that.

If bridge got blocked you can to request new one.

comment:5 Changed 2 years ago by yawning

Resolution: invalid
Status: newclosed

Then other people should step up and run bridges, instead of just Torservers. But this isn't a bug, it's more an outreach problem.

comment:6 Changed 2 years ago by cypherpunks

Summary: What if 194.132.209.0/24 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?What if 0.0.0.0/0 got blocked?

comment:7 Changed 2 years ago by cypherpunks

Resolution: invalid
Status: closedreopened
Summary: What if 0.0.0.0/0 got blocked?Most of bridges share the same 3 subnets. What if this subnets got blocked? It will be devastating!

It seems like you disclose some information fetched from bridges.tpo, please don't do that.

Why? It's easy for everyone to download some bridges' addresses, look at them, spot common subnets and create just 3 firewall rules to block most of them, even unknown? Its not a bug, its a vuln!

If bridge got blocked you can to request new one.

How can I request a new one if TPO websites are blocked? And what if I requested a new one and would be given the new one already blocked?

Last edited 2 years ago by cypherpunks (previous) (diff)

comment:8 Changed 2 years ago by cypherpunks

Why? It's easy for everyone to download some bridges' addresses, look at them, spot common subnets and create just 3 firewall rules to block most of them, even unknown? Its not a bug, its a vuln!

First:

Then other people should step up and run bridges, instead of just Torservers. But this isn't a bug, it's more an outreach problem.

Second, reality is different. For me only 1/10 bridges from bridges.tpo was affected by your "3 firewall rules".

How can I request a new one if TPO websites are blocked? And what if I requested a new one and would be given the new one already blocked?

Try e-mail?

comment:9 Changed 2 years ago by cypherpunks

Try e-mail?

Assume that email, SMS, social networks, messengers, forums, phone (both binary and voice communications), any other unencrypted channels are censored too and that people trying to acquire bridges using such personalized channels are prosecuted. Bridges must be acquired stealthy. Noone must know that you are using a bridge except the bridge itself.

Second, reality is different. For me only 1/10 bridges from bridges.tpo was affected by your "3 firewall rules".

Maybe.

Last edited 2 years ago by cypherpunks (previous) (diff)

comment:10 Changed 9 months ago by teor

Owner: asn deleted
Status: reopenedassigned

asn does not need to own any obfuscation tickets any more. Default owners are trouble.

comment:11 Changed 9 months ago by cohosh

Status: assignednew

tickets were assigned to asn, setting them as unassigned (new) again.

Note: See TracTickets for help on using tickets.