Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

2020-04-07 Thread Tor Bug Tracker & Wiki 
#33815: vanguards with meek - do or don't?
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  vanguards |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mikeperry):

 Q4) Btw, here's my best guess of the kind of defense that *would* work in
 the general case. At a minimum, services will need to have a traffic re-
 shaper that makes their traffic patterns look like the reverse of what
 they are - HTTP is an aymmetric protocol in that requests are typically
 much smaller than responses. So some kind of traffic shaping to reverse
 this asymmetry is necessary (see ALPaCA for an example:
 https://www.freehaven.net/anonbib/cache/applicationlayer-pets2017.pdf).
 Then some amount of cover traffic would need to be carefully added onto
 this shaped application layer traffic, too. And even then, high volume
 onion services will at best look like high volume web
 crawlers/scrapers/bots, not real users.

 I don't think that this is within reach of service operators. It is still
 an open research problem. See also
 
https://github.com/torproject/tor/blob/master/doc/HACKING/CircuitPaddingDevelopment.md#14
 -other-deployment-constraints and the rest of that doc (which is the place
 for such info, rather than the vanguards doc).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

2020-04-06 Thread Tor Bug Tracker & Wiki 
#33815: vanguards with meek - do or don't?
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  vanguards |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mikeperry):

 Q1-Q2) I need to look into this more, but meek-azure is not an obviously
 bad choice, if it still works. I am pretty sure it does not have cover
 traffic protections like obs4, and the azure cloud provider gains at least
 all capabilities of the local adversary, and may also gain some network
 adversary capabilities too. I also would have to double-check the specific
 meek-azure implementation to make sure you still get a properly
 authenticated connection to a guard node, or if there is another private
 bridge on the back-end (and if so, if that bridge is authenticated with a
 fingerprint).

 Q3) I was speaking about the protocol, not who ran the bridges (or who has
 access to Azure cloud or can compel them).

 Q4). For high volume onion services, adding additional local client
 traffic is unlikely to help much. I am also reluctant to make this
 recommendation in the general case, and that README is not the right place
 to go deep into the many different traffic analysis rabbit holes, because
 they are not strongly solved. The only reason that README goes as far as
 it does is because such a treatment is necessary to understand the effect
 and interaction of many options, protocols, other addons, and other
 components already provided by the Tor Project.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

2020-04-06 Thread Tor Bug Tracker & Wiki 
#33815: vanguards with meek - do or don't?
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:  vanguards |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by mikeperry):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Such doc questions also belong here: https://github.com/mikeperry-
 tor/vanguards/issues. Specifically, https://github.com/mikeperry-
 tor/vanguards/issues/55 for doc updates.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33815 [Core Tor/Tor]: vanguards with meek - do or don't?

2020-04-05 Thread Tor Bug Tracker & Wiki 
#33815: vanguards with meek - do or don't?
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  vanguards |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * cc: mikeperry, asn (added)
 * type:  defect => task
 * component:  Applications => Core Tor/Tor
 * keywords:   => vanguards
 * milestone:   => Tor: unspecified


Comment:

 Hi, I can't answer your questions, but asn or mikeperry might be able to.
 They will also know the right component for vanguards tickets.

 Also, this ticket tracker isn't really designed for questions and answers.
 You might get a better response by writing to the Tor developers mailing
 list, tor-...@lists.torproject.org.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs