Re: [tor-relays] Bridge operator iat_mode setting
Thanks for all your answers guys! Now i know that i'm doeing good running bridges in different iat modes. Actually I'm running 4 bridges, and two have iat_mode set to 0 and two others set to 1 and 2 respectively. I also have a question about bridges speed. It seems that when I do use of my bridge (that is in same network of my PC) the connection is too slow (~1Mbps using relays in a circuit that clearly (by seeing it in tor metrics) has high bandwidth). I do use it as a guard relay. But, when i disable the settings, using the same circuit or an very similar one I can see that the speed bumps to more than 4 Mbps. Is there any optimizations that I can do in my bridge relay? I have 20 Mbps uplink and 200 Mbps downlink here. Set my speed setting to 10 Mbps maxium in torrc. I can also see that bridge is not overloaded (no high cpu usage and low number of connections around 180 for now). Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em segunda-feira, 1 de março de 2021 às 10:38, William Kane escreveu: > If you run more than three bridges, run an even distribution of > bridges with iat_mode set to 0, 1 and 2, if you run only three > bridges, one with each setting, if two, then 0 and 2, if only one, run > it with 2 due to the lack of bridges supporting it, et cetera. > > That's how I would handle it.. > > - William > > 2021-02-24 23:44 GMT, Eddie stun...@attglobal.net: > > > > On 2/24/2021 12:34 PM, William Kane wrote: > > > > > Thank you for running obfs4 bridges with iat_mode != 0, only very few > > > obfs4 bridges support the additional traffic obfuscation in both > > > directions. > > > Kudos to you my friend. > > > > > > - William > > > Should I take this as a recommendation to update my bridges to support > > > iat_mode=2. > > > > > > > Cheers. > > > > > 2021-02-23 1:18 GMT, torjoy south_america_brid...@protonmail.com: > > > > > > > Hi All, > > > > I work with time and frequency references and run some tor bridges. What > > > > is > > > > the objective of "iat_mode" setting? Is an good timming reference > > > > important > > > > for this setting? For now, i'm adminstrating 3 briges, one with > > > > iat_mode=0, > > > > iat_mode=1 and iat_mode=2. > > > > Could you explain or forward me to some reading about it? > > > > Best regards, > > > > Luiz > > > > Sent with ProtonMail Secure Email. > > > > > > tor-relays mailing list > > > tor-relays@lists.torproject.org > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > > > This e-mail was checked for spam by the freeware edition of CleanMail. > > > The freeware edition is restricted to personal and non-commercial use. > > > You can remove this notice by purchasing a commercial license: > > > http://antispam.byteplant.com/products/cleanmail/index.html > > > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
If you run more than three bridges, run an even distribution of bridges with iat_mode set to 0, 1 and 2, if you run only three bridges, one with each setting, if two, then 0 and 2, if only one, run it with 2 due to the lack of bridges supporting it, et cetera. That's how I would handle it.. - William 2021-02-24 23:44 GMT, Eddie : > On 2/24/2021 12:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. >> >> Kudos to you my friend. >> >> - William > Should I take this as a recommendation to update my bridges to support > iat_mode=2. > > Cheers. >> 2021-02-23 1:18 GMT, torjoy : >>> Hi All, >>> >>> I work with time and frequency references and run some tor bridges. What >>> is >>> the objective of "iat_mode" setting? Is an good timming reference >>> important >>> for this setting? For now, i'm adminstrating 3 briges, one with >>> iat_mode=0, >>> iat_mode=1 and iat_mode=2. >>> Could you explain or forward me to some reading about it? >>> >>> Best regards, >>> >>> Luiz >>> >>> Sent with [ProtonMail](https://protonmail.com) Secure Email. >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> >> -- >> This e-mail was checked for spam by the freeware edition of CleanMail. >> The freeware edition is restricted to personal and non-commercial use. >> You can remove this notice by purchasing a commercial license: >> http://antispam.byteplant.com/products/cleanmail/index.html > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
So should I remove that instruction from torrc? Sent from ProtonMail mobile Original Message On Feb 25, 2021, 4:14 PM, Philipp Winter wrote: > On Thu, Feb 25, 2021 at 06:30:35PM +0100, Toralf Förster wrote: >> SO why is this not the default? > > The feature introduces a substantial performance penalty for a dubious > and poorly understood privacy gain. If I were to write an algorithm to > detect obfs4, I wouldn't bother dealing with its flow properties; there > are easier ways to identify the protocol. In hindsight, it was probably > a mistake to expose the iat option to users and bridge operators. > > Cheers, > Philipp > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
Hi William, You can do it by setting: ServerTransportOptions obfs4 iat-mode=2 at your bridge's side. Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em quinta-feira, 25 de fevereiro de 2021 às 05:16, Toralf Förster escreveu: > On 2/24/21 9:34 PM, William Kane wrote: > > > Thank you for running obfs4 bridges with iat_mode != 0, only very few > > obfs4 bridges support the additional traffic obfuscation in both > > directions. > > At my client I have iat_mode=2 set but I do wonder how to set that as > default at a bridge? > > - > > Toralf > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On Thu, Feb 25, 2021 at 06:30:35PM +0100, Toralf Förster wrote: > SO why is this not the default? The feature introduces a substantial performance penalty for a dubious and poorly understood privacy gain. If I were to write an algorithm to detect obfs4, I wouldn't bother dealing with its flow properties; there are easier ways to identify the protocol. In hindsight, it was probably a mistake to expose the iat option to users and bridge operators. Cheers, Philipp ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
I just added that feature to my bridge today! That line of code should be on the tor site so that bridge runners can automatically add it to their torrc files. Sent from ProtonMail mobile Original Message On Feb 25, 2021, 12:30 PM, Toralf Förster wrote: > On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > SO why is this not the default? > > -- > Toralf > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/25/21 6:32 PM, niftybunny wrote: And why did I read about this the first time in a mailing list? +1 -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
> On 25. Feb 2021, at 18:30, Toralf Förster wrote: > > On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > SO why is this not the default? And why did I read about this the first time in a mailing list? > > -- > Toralf > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: Message signed with OpenPGP ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. SO why is this not the default? -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
"ServerTransportOptions obfs4 iat-mode=2" in torrc On February 25, 2021 11:16:52 AM GMT+03:00, "Toralf Förster" wrote: >On 2/24/21 9:34 PM, William Kane wrote: >> Thank you for running obfs4 bridges with iat_mode != 0, only very few >> obfs4 bridges support the additional traffic obfuscation in both >> directions. > >At my client I have iat_mode=2 set but I do wonder how to set that as >default at a bridge? > >-- >Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/2021 12:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. Kudos to you my friend. - William Should I take this as a recommendation to update my bridges to support iat_mode=2. Cheers. 2021-02-23 1:18 GMT, torjoy : Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
On 2/24/21 9:34 PM, William Kane wrote: Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. At my client I have iat_mode=2 set but I do wonder how to set that as default at a bridge? -- Toralf ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
Thank you for running obfs4 bridges with iat_mode != 0, only very few obfs4 bridges support the additional traffic obfuscation in both directions. Kudos to you my friend. - William 2021-02-23 1:18 GMT, torjoy : > Hi All, > > I work with time and frequency references and run some tor bridges. What is > the objective of "iat_mode" setting? Is an good timming reference important > for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, > iat_mode=1 and iat_mode=2. > Could you explain or forward me to some reading about it? > > Best regards, > > Luiz > > Sent with [ProtonMail](https://protonmail.com) Secure Email. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Bridge operator iat_mode setting
Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
Hi Luiz Am 23.02.2021 um 02:18 schrieb torjoy: I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? There might be other sources, but this is a short and nice one: [ https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md ] § The Best Way To Use Bridges Note the use of the iat-mode=2 parameter. Setting iat-mode=2 (as opposed to iat-mode=0 or 1) causes obfs4 to inject traffic timing changes into your outgoing traffic, which is exactly the direction you want as a service. The bridge itself does not need to have the same setting. You can apply it to the client and/or the bridge. The outbound timing will be handled accordingly. -- Cheers, Felix ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays