Opened 11 years ago

Last modified 7 years ago

#818 closed enhancement (Duplicate)

Protect bridges from local ISP

Reported by: gst Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.1.2.19
Severity: Keywords:
Cc: gst, arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Right now it is sufficient to know the IP address of a bridge in order to use it. This allows an ISP to scan if its customers are operating bridges. Furthermore, if a country (or an ISP) wants to check if its users/citizens are connecting to a TOR bridge, it could first log outgoing connections to (e.g.) https ports and then establish a connection and check if a TOR bridge responds on the port.

One possibility to work around this problem would be to require some kind of "token" to connect the a bridge. The directory server could provide the client with the IP address of a bridge and with the token that is required to connect. If the client does not provide the token to the bridge after the connection has been established, the bridge could just close the connection (or even better) return a HTTP error message that looks similar to (e.g.) Apache error messages.

This would make it harder for an ISP to check if its customers are running a bridge. Furthermore, it provides some kind of "plausible deniability" to people that are accussed of (illegally) connecting to the TOR network.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (3)

comment:1 Changed 11 years ago by arma

Yes, this is on the roadmap. See the 'scanning resistance' section of blocking.pdf.

However, we don't actually have detailed plans for how to do it. We'd love to see
a proposal (see doc/spec/proposals/) for this feature with more details worked out.

comment:2 Changed 11 years ago by arma

flyspray2trac: bug closed.

comment:3 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.