[liberationtech] Browser-based Tor proxies

Daniel Colascione dancol at dancol.org
Thu Jan 3 17:57:29 PST 2013


On 1/3/13 5:25 PM, Steve Weis wrote:
> I noticed a Stanford project for setting up browser-based, ephemeral
> Tor proxies. In their words, "the purpose of this project is to
> create many, generally ephemeral bridge IP addresses, with the goal
> of outpacing a censor's ability to block them."

I'm extremely worried by the client enumeration problem. Nothing
could paint a brighter target on dissidents. Normalization is no
defense here, since it applies to any scheme for circumventing a
censorship system. (And with sufficient normalization, the political
will to continue censorship evaporates anyway.) Either it's okay to
identify clients to an adversary or it's not, and I'm under the
impression that the consensus is that it's not.

I also think the system could be easily rendered useless: I'm also
not convinced that it's possible for the mass of ephemeral proxies
to "absorb the busywork created by the adversary": to twist an old
aphorism, never get into a bandwidth competition with someone who
buys 10GigE ethernet cards by the crate.

While I do have to credit the authors with a good enumeration of the
possible threats to the system, I think these threats simply make
the system unworkable in practice. If the system becomes popular,
it's easy to block, and if the system *isn't* popular, it's easy to
identify who's using it.

Remember that the adversary need not completely block all
connections from ephemeral proxies: he need only impair usability to
the point that users give up.



