[liberationtech] Signal ignores proxy censorship vulnerability, bans researchers
Adam Fisk
afisk at getlantern.org
Thu Feb 25 05:06:29 CET 2021
Hi Shava!
> My understanding is that this is something where you just make the bridges
> volatile and hard to notice because they change so frequently and are
> individually assigned. As obfuscation that's worked fairly well for
> countries where you have to bridge into the directory servers for Tor.
>
Yes, and last I knew Meek was the most effective bridge transport. I agree
this approach is generally sound and has nice censorship resistance
properties, especially if you only distribute bridge addresses privately --
essentially a trust network for distribution. The problem is largely one of
scale, as it's just hard to both distribute bridge addresses in a blocking
resistant way and hard to dynamically change the protocols bridges are
running quickly enough to keep up with censors as they deploy new
approaches. Meek alone is also pricey, and the overhead of obfs4 actually
ain't cheap either.
>
> Is this something like what you are talking about? I honestly haven't
> looked into the papers -- the weather is very unstable at this point in
> California's spring and it's been giving me migraines, tbh.
>
Oh no! I hope you feel better. I just escaped the Texas freeze myself, but
hey got some good sledding in =).
Yeah the active probing generally mentioned in the Tor post is what I'm
talking about. For more widely used tools, probes hit them within seconds
of spinning up.
In terms of safe or not safe, I'm not making any claims about Signal's
proxy. All I'm saying is that the server they deployed is trivial for
censors to actively probe, which means it just isn't very effective. I
actually don't understand what makes that controversial, as it's just true.
Cheers,
-Adam
--
--
President
Brave New Software Project, Inc.
https://lantern.io <https://www.getlantern.org>
A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20210224/a25dfa9e/attachment.htm>
More information about the LT
mailing list