tor-dev May 2013

tor-dev@lists.torproject.org

64 participants
50 discussions

[Fwd: Welcome to the "tor-dev" mailing list]
by bones44x6013＠tormail.org 22 May '13

22 May '13

Hello again, Now that after several hours of work, we have come full circle back to the same email address I used for my original contacting you? I was not allowed to contact you through this address because I was not a registered user of this system? Now that I am a registered user of this system, I still have the same questions for you...Is this your most secure form of communication and is it safe for me to send you this information via a MS word document here through this email? This information should only be viewed by top Tor Developers and Management it is not meant for general discussion or a general discussion board viewing. This is the reason for my asking again about this again. I am providing you with a new technique for the secure communications of bridge address network locations. This method is proven and will work for you. Bones44 ---------------------------- Original Message ---------------------------- Subject: Welcome to the "tor-dev" mailing list From: tor-dev-request(a)lists.torproject.org Date: Wed, May 22, 2013 4:25 pm To: bones44x6013(a)tormail.org -------------------------------------------------------------------------- Welcome to the tor-dev(a)lists.torproject.org mailing list! To post to this list, send your email to: tor-dev(a)lists.torproject.org General information about the mailing list is at: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: https://lists.torproject.org/cgi-bin/mailman/options/tor-dev/bones44x6013%4… You can also make such adjustments via email by sending a message to: tor-dev-request(a)lists.torproject.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: zenuokna Normally, Mailman will remind you of your lists.torproject.org mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you.

2 1

Move RecommendedTBBVersions from check.torproject.org to www.torproject.org
by Micah Lee 22 May '13

22 May '13

I just opened a ticket for this: https://trac.torproject.org/projects/tor/ticket/8940 Right now the way to check for the current TBB version is by loading https://check.torproject.org/RecommendedTBBVersions. It would be really helpful if there were a way to check the current version of TBB from a URL at https://www.torproject.org/. The main website has a .onion address, and all of the Tor mirrors listed at https://www.torproject.org/getinvolved/mirrors.html.en are mirrors of the main site, not check. So if you want to only use the hidden service or only use a mirror (because *.torproject.org is blocked on your network), there's no way to easily know the current recommended version. -- Micah Lee @micahflee

1 0

building from source in a 64-bit windows environment..
by not me 20 May '13

20 May '13

Hi, It seems fairly self-evident that tor hasn't been build for 64-bit windows and questionable whether it's ever been built in an environment that doesn't utilize mingw. There are literally hundreds of thousands of warnings about integer truncation, at least some of which seem somewhat problematic (64-bit pointer being stored in a 32-bit integer (why?! why?!)), a small amount of signed/unsigned comparisons or sign extensions, and a bunch of calls to functions without including the proper header files or using the correct function name ('open()' vs '_open()' without including io.h) and so on. This of course is ignoring all the calls to str{,n}cpy/{v,}s{,n}printf/etc and posix function names long since deprecated (fileno() vs _fileno()) and so on. Errors relating to MSVC finally including a stdint header (cstdint) and typedef's for intptr_t not producing the right size primitive, etc. I realize that many/most/all of the developers here are going to see no problem with using mingw, but if you spend some time looking underneath the hood and reviewing the code generated by mingw v. msvc both in terms of security features and general performance, I can't feel that its a prudent or responsible choice to produce anything under windows using GNUs development tools. So I'd prefer to just eliminate all such 'fixes'. Moving to 32-bit isn't an option either, I'd have to switch out far too many dependencies that frankly are a bit more important, and well I need 64-bit for some aspects and it's only been a decade since AMD released their first 64-bit chip. So, has anyone out there successfully built tor with a 64-bit msvc, and if so, you don't happen to have a list of voodoo tricks you performed or a diff or similar? Thanks.

6 22

RFC patch: systemd socket activation
by Marti Raudsepp 20 May '13

20 May '13

Hi list, The attached patch implements support for systemd socket activation. For people who don't know what that is: systemd is an "init" system for Linux. Socket activation means that systemd binds all the sockets in advance, and only spawns Tor once somebody attempts to connect. More information here: http://0pointer.de/blog/projects/socket-activation.html I rarely use Tor, so there's no reason to have it running all the time (wasting battery on my laptop), but it's also annoying to launch it manually every time. Socket activation is ideal for this use case. There are 3 changes to the startup process: 1. Before loading the configuration, Tor identifies all sockets passed in by systemd and creates pending_socket_t objects. I considered reusing connection_t, but that seemed to require way more modification to the code. 2. After parsing configuration, when Tor would otherwise create new listeners, it first tries to match up the address/port to existing pending sockets. If a pending socket does not match, it opens a new one as usual. 3. After configuration parsing is done, Tor closes all remaining unmatched systemd sockets and logs a warning for each one. This infrastructure can also be used to support "launch-on-demand" with launchd on OS X, but I have no experience with that. Known problems: * TCP and UDP sockets work, but Unix sockets are not currently yet implemented. * It's impossible to support hibernation as is for systemd sockets -- the systemd daemon still keeps a reference to the listener socket even after we close it, and it's impossible to re-bind the port later. * Closing unmatched sockets is a bad idea for the same reason: systemd still keeps it open and connections hang forever. Perhaps a better solution is to keep the socket and simply reject all connections, ditto hibernating connections? I have added the source of sd-daemon.c into Tor -- it's easier to manage this way and we don't introduce any new library dependencies (it's 804 LoC total). This approach is also encouraged by systemd itself. The code turns into a no-op when built on Windows. Full patch is attached, also available as individual commits from my GitHub clone (branch "systemd"): https://github.com/intgr/tor/tree/systemd Regards, Marti

3 4

Re: [tor-dev] Questions pertaining to client to directory authority
by Jon Smithe 20 May '13

20 May '13

Hello, I receive a daily digest, so I am replying to everything at once. > http, https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt > > section 1 line 184 "All directory information is uploaded and > downloaded with HTTP." > > If you search through the document for http, you will find most of the > uris and related info youre looking for. Well look at that, thank you. That's what I get for skimming a bit too much. > From: Roger Dingledine <arma(a)mit.edu> > To: tor-dev(a)lists.torproject.org > Subject: Re: [tor-dev] Questions pertaining to client to directory > authority communications > Message-ID: <20130519212036.GK31806(a)moria.seul.org> > Content-Type: text/plain; charset=us-ascii [...] > Yeah -- I'm afraid there's a lot to learn at this point. Perhaps when > you figure out the bootstrapping process to your satisfaction, you'll > write up a summary and then we can correct it as needed and have a better > answer for the next person? As pointed out above, I missed some things while reading the specifications, I hadn't quite made it to the bottom of the 3rd version of the directory spec, which is where all the URIs are and is largely what I was looking for. Piecing together all of the URIs and their exact contexts through the code was proving to be daunting, although surprisingly I got most of what I was looking for correctly. Either way, assuming I feel like I understand things well enough to explain them at some point, I would think at least throwing together some type of flow diagram would be fairly painless and I imagine others would indeed benefit from it. For anyone reading this in the interim, I actually found starting with the v1 specification and working towards the v3 was beneficial. I imagine a lot is outdated, but it somehow managed to make me take note of other things I had missed in the v3 spec. > Each directory authority actually has two ports baked into Tor. E.g., > "moria1 orport=9101 no-v2 " > "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " > "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", > > has 9131 as its DirPort (answering naked http requests), and 9101 as > its ORPort (doing the Tor TLS handshake). Note that clients by default > connect to the ORPort and then tunnel their http request through it > (see the 'begindir' relay cell command), both for authentication and to > prevent simple DPI-based blocking. Aha, so I imagine with moria1 the issue is that I'm connecting directly to port 9131 instead of tunneling it through the ORPort. I just retested to make sure I hadn't lost my mind and indeed directly connecting to port 9131 eventually just returns a single byte ('\0'). This seems to be the case with turtles as well, however the other authorities that serve the dirport over the traditional HTTP port (80) seem to not have this authentication/DPI evasion behavior. > That's for asking v2 directory questions, not v3. > > We disabled it because of > https://trac.torproject.org/projects/tor/ticket/6783 I suspected that might be the case. Thanks for the answer. > Building what basically amounts to a botnet of old Tors, all clamoring > for obsolete directory information, has certainly proved a learning > experience. :) I can imagine you've had a few headaches over the lifetime of the project :) > Try the v3 protocol, not the v2 protocol. > > I just made > https://trac.torproject.org/projects/tor/ticket/8913 > > > (tor26 does have the no-v2 flag set which might be the issue?) > > (Hm? No it doesn't.) Indeed you are correct, I must have gotten the lines crossed while reading them somewhere and mixed it up with another of the authorities. Either way, despite my criss-cross, my hinting suspicion was correct: trying to speak v2 to v3 servers (off-hand I'm not positive which authority I was connected to when I tested/wrote that) > I think the specs do a pretty good job of explaining what is supported, > but as you say they don't specify how you should use the protocol. > > Some of that is in path-spec.txt. Indeed, I spoke too soon > But see also https://trac.torproject.org/projects/tor/ticket/7106 I will be mindful of this as I progress, it's quite evident by all of the various measurements tor takes that there is a lot of care in the behavior of the various components. . > > I have other questions about aspects of the protocol, but I will mostly > > save those until I understand the basic blocks of it better. But to > > exemplify somewhat, it does seem that the introduction of guard nodes would > > cause an inverse of desired effect; there appears to be about 1000-1100 > > guard nodes versus a several thousand relays, and about 800-900 exit nodes > > so it would seem that mitigating the attack where an attacker controlled C > > number of nodes is essentially pointless as one would only need to control > > a set number of guard and exit nodes and can more or less ignore the relays > > in between, so whereas you needed say C/N nodes previously, one would only > > need Cg/Ng (Cg controlled guards / Ng Number of guards). > > It seems you're leaving out Ce/Ne, and/or assuming that the adversary > controls/observes the destination also. Well I was more assuming that any adversary that could inject enough guard nodes would also be able to inject 'enough' exit nodes, as my understanding is that this is an actual flag they control directly. > I agree that the guard notion is counterintuitive, and also it's not > perfect, but I think it's way better than not doing it. I've not had a chance to read the links you provided, so I am still speaking from my relatively feeble comprehension, but essentially it seems like the guards more or less condense the number of entry points to the network? Whereas there are thousands of potential relays that could be used as an entry point, there is about a thousand guard nodes. So, and again I am probably not entirely comprehending something, but it seems that we've just made the requisite value for C smaller? (Again assuming that anyone who could get a large volume of relays of any kind could reasonably also control a large volume of exit nodes) > You might like http://freehaven.net/anonbib/#ccs07-doa > (though it doesn't come with analysis of the guard design, and there's > still some debate about how the guard design changes things). > You might also like Mike Perry's work on Path Bias detection. See > https://trac.torproject.org/projects/tor/ticket/5458 and also look > in the changelog for the string "Bias". Will do, thanks! > 1 guard is better than 3 guards in this respect. But both 1 and 3 are > way better than 0. While I agree with this notion, I guess what I am asking is: 'are 3 guard nodes better than X generic entry nodes for values of X that are significantly larger than 3' (pure example. obviously there is more than 3 guard nodes). As I'm understanding things, the concept was introduced to combat the problem discussed in path-spec.txt section 5 (C/N^2), but it seems like the introduction of guard nodes, because there are so much fewer of them than regular relays and because they are guaranteed to be an entry point into the network in essence just makes the value of N smaller and thus the number of C required to mount at least half of the attack smaller. More over it also removes the 'guess work' as intermediate relays between the guard and exit more or less become irrelevant? Rephrased, does converting the problem to C/N instead of C/N^2 still hold true if in the process we make the values of N and thus C significantly smaller, at what point does C/N^2 present a better probability? I'll read more, I am obviously missing something. Thanks a lot for the links and information. Jon

1 0

Questions pertaining to client to directory authority communications
by Jon Smithe 19 May '13

19 May '13

Hello! I have been reading through the various tor specifications trying to understand how this all works, so please forgive any ignorance of the protocol on my part. There seems to be a fair amount of gaps about specifically how various communications take place; for instance if we consider the very beginning of the communication chain, Directory Authorities, we have the dir-spec.txt file which outlines rather well what type of information can be retrieved from the directories, but not what communication protocol is actually being used. It appears that the usage of HTTP is fairly inherent, but this seems like it is only a partial answer as only some of the trusted authorities seem to speak HTTP on the address & port combination compiled into tor, moreover at least some of the authorities do not appear to implement the specification entirely. For instance, the trusted authority at MIT, 'morial' is listening on port 9131, however attempting to retrieve the network status document from it via a GET request to /tor/status/all.z results in no output at all. I would assume if this was a matter of needing to connect via SSL that I would receive an error due to a bad handshake, but I get nothing back. This holds true for at least one of the other trusted authorities listening on a non-HTTP related port (turtles). So for those servers, exactly what protocol is being used and is it documented anywhere other than the source code? Then, for instance, if we connect to 'tor26', which does respond to HTTP requests and attempt to retrieve a v2 network status document via the /tor/status/all.z URI, we receive a 404 although it appears the document that should exist there exists on other URIs, it's not entirely clear if this is just outdated code, specific to particular versions of the protocol (tor26 does have the no-v2 flag set which might be the issue?) or what exactly. So the question is, are there accurate specifications anywhere that focus not only on the semantics of cryptography and rationale behind certain choices but also the specifics of how exactly the protocol works or am I 'stuck' with reading the source code? I suspect that it is the later, so my question would be is there anyplace where the control flow is somewhat documented? (As the flow is somewhat disjointed at least in part to the way libevent works and other such aspects that make it difficult to parse if you're not familiar already with how everything is interconnected). I have other questions about aspects of the protocol, but I will mostly save those until I understand the basic blocks of it better. But to exemplify somewhat, it does seem that the introduction of guard nodes would cause an inverse of desired effect; there appears to be about 1000-1100 guard nodes versus a several thousand relays, and about 800-900 exit nodes so it would seem that mitigating the attack where an attacker controlled C number of nodes is essentially pointless as one would only need to control a set number of guard and exit nodes and can more or less ignore the relays in between, so whereas you needed say C/N nodes previously, one would only need Cg/Ng (Cg controlled guards / Ng Number of guards). If we then factor in that it seems possible that a guard or relay can essentially indirectly control the route a circuit takes through the network by continually causing cell extensions to fail for all relays and exit nodes that they do not control, then the value for Cg would seem to not need to be overly large or at least not approach the values of C or Cg (C/N or Cg/Ng). This seems incredibly reasonable for attackers that have state level resources (What is 1,000 computers to China? Iran? ...the United States?) and because the algorithm for selecting guards appears to be based entirely on stability and bandwidth; metrics we can expect a government to have plenty of on hand. I understand that rotation is supposed to ease this somewhat, but at least according to the academic paper out of Waterloo that Roger co-authored, it would appear that this actually facilitates the compromise of more clients than eases the problem, with the most secure (in the lab) situation being a single guard. (I understand that in practice this will not be realistic as it creates a bottle-neck in a variety of ways, e.g. firewalls and DDoS). I suspect many of the questions I have will be answered as I better familiarize myself with the protocol, so of the few I've enumerated, they can be thought of exemplifications that I expect will hash themselves out as I progress through the source and specifications. Thanks a lot! Jon

3 2

Your server has not managed to confirm that its ORPort is reachable
by Christian Kujau 19 May '13

19 May '13

Hi, I had to reboot my bridge for a (Ubuntu) kernel upgrade but now it cannot confirm that the ORPort is accessible: May 17 20:20:36.000 [notice] Tor 0.2.4.12-alpha (git-a1bb0df9be95ce7a) opening log file. May 17 20:20:36.000 [notice] Not disabling debugger attaching for unprivileged users. May 17 20:20:36.000 [notice] Your Tor server's identity key fingerprint is '...' May 17 20:20:36.000 [notice] Configured hibernation. This interval began at 2013-05-13 10:00:00; the scheduled wake-up time was 2013-05-13 10:00:00; we expect to exhaust our quota for this interval around 2013-05-20 10:00:00; the next interval begins at 2013-05-20 10:00:00 (all times local) May 17 20:20:36.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. May 17 20:20:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. May 17 20:20:37.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now. May 17 20:20:40.000 [notice] We now have enough directory information to build circuits. May 17 20:20:40.000 [notice] Bootstrapped 80%: Connecting to the Tor network. May 17 20:20:41.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. May 17 20:20:41.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. May 17 20:20:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:30001' May 17 20:20:42.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:20001' May 17 20:20:43.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. May 17 20:20:43.000 [notice] Bootstrapped 100%: Done. May 17 20:20:43.000 [notice] Guessed our IP address as ... (source: ...). May 17 20:40:43.000 [warn] Your server (...:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. I have not changed my tor configuration (honest! :-)) and Tor 0.2.4.12-alpha (from deb.torproject.org) was running fine before. This particular bridge is running inside an Amazon EC2 instance and I can reach port 9001 from the outside: $ nc -w1 -vnz xx.18.xx.xxx 9001 Connection to xx.18.xx.xxx 9001 port [tcp/*] succeeded! And I can see that request on the bridge when tcpdump'ing :9001, so it's not a network issue. I'm not sure what "/etc/hosts" should have to do with it, but I haven't modified this either. I'm strace'ing the tor process now to see what it's doing but couldn't find anything suspicious so far. Any thoughts? Christian. -- BOFH excuse #139: UBNC (user brain not connected)

2 3

Tor Browser source tarball not available
by Jamie Nguyen 15 May '13

15 May '13

Hi, the source at this link is missing: https://www.torproject.org/dist/torbrowser/tor-browser-2.3.25-8-src.tar.gz I'd be very grateful if someone could upload it please. Kind regards, -- Jamie Nguyen

1 0

Status of Torouter project
by Griffin Boyce 14 May '13

14 May '13

Hello all, So I'm part of a team working on wireless mesh, and Torouter has come up a few times this week. Is it actively being developed? Given the state of the roadmap [1], I'd sort of assumed it was inactive or on hiatus, but others had heard differently. thanks, Griffin Boyce -- Technical Program Associate, Open Technology Institute #Foucault / PGP: 0xAE792C97 / OTR: saint(a)jabber.ccc.de

4 5

BridgeDB - Bridge Distribution Modifications
by Matthew Finkel 14 May '13

14 May '13

Hi all, Over the last few weeks I've been working with George and Aaron on updating BridgeDB's code with respect to how it handles pluggable transports. I've made some decent progress, but there are some questions that I'd like to ask (because I'm not sure I should be the one making the decision). I've also started updating the spec and there are some parts on which I'd like some clarification. I'll try to summarize the thoughts on the matter we/I have thus far. See [A] if you're unfamiliar with the BridgeDB code/spec/idea. 1) How should BridgeDB decide the number of transports, and types, it should hand out? - My current patch returns transports based on the ratio of how many there are compared to the other bridges, so that if we hand out four bridges and obfs2 bridges account for 3/10 of all running bridges, then BridgeDB will hand out (4*(3/10)) = 1.2 bridges with each request, on average. - I've also added an option into bridgedb.conf to set the (expected) minimum and maximum number of bridges which support a specific PT that BridgeDB should hand out per request. - I have a verification check that tries to force us to meet these values, however, with its current implementation it's not guaranteed, only probabilistic. I think this is okay for now. - So, is this enough? Do we want/need a deterministic method of supplying bridges with a supported set of transports? - Another option is to place each transport into its own subring and select from each of the subrings to ensure we meet the requirement. The more I've thought about this, the more I think this defeats the purpose of constructing the rings, though. - Last (for now), if a bridge supports multiple PTs, should we return all of them to the user or randomly select one or select one with a bias? We agreed that we really shouldn't do the first because that would just accelerate the ability of a censor to block more bridges. The middle option works, but given that many bridges now support obfs2 and obfs3, is it a good idea to, again, probabilistically return each type (roughly) half the time? 2) Should we prefer to distribute PT bridges over regular bridges which have their ORPort on 443? - Right now returning ORPorts on 443 is the highest priority and transports are a secondary best-effort operation. 3) Unless I incorrectly understand the code, the bridges never rotate. The bridge interval is set to NoSchedule(), which means it returns a static time. Is there a reason for this? This is counter to the spec. Just wondering. :) (I had some other points I wanted to raise, but I'm blanking on them now. I think this is a good start, though.) Please also let me know and correct anything I may have gotten wrong. Thanks everyone, and thanks to George and Aaron for their help, as well. - Matt A. For those who don't know the details of the code, the simplified version is as follows: 1) All bridges send their bridge descriptors and misc information to the Bridge Authority. 2) Bridge Authority provides a network status file containing all known bridges described by their name, fingerprint, digest, time of publication, IP addr, ORPort, DirPort. Bridge Auth also provides a bridge descriptor file also specifying the bridges IP addr, ORPort, and fingerprint. Last, it supplies an extra-info file that contains all the extra info that the bridges provide - mainly their transports, in our case. 3) BridgeDB parses all of these files and associates the information to a single instance of a bridge. 4) BridgeDB assigns each running bridge to a distributor (website, email, etc) based on an hmac of the bridge's ID. Once assigned, the bridge is inserted into the distributors list of bridges. 5) BridgeDB then further organizes the bridges assigned to each distributor by moving them into rings and subrings. - A ring is simply a sorted list of an hmac of the bridges' ID which, when traversed, wraps around to the beginning if it ever reaches the end. - The hmac of the bridge's ID is used to retrieve the actual bridge instance from a hash, which is stored along side the ring. 6) Some distributors, such as https, are 'initialized' with a few rings based on filters. - https starts out with a ring containing all bridges assigned to it, a ring only containing bridges which support IPv4 connections, and a ring only containing bridges which support IPv6 connections. - Every ring also contains two subrings (currently). One subring is the subset of bridges from the parent ring which have their ORPort listening on port 443. The other subring is the subset of bridges from the parent ring which have the stable flag set. - For example, - Cluster 1 Ring - subring (stable) - subring (https) - Cluster 2 Ring - subring (stable) - subring (https) - IPv4 Cluster 1 Ring - subring (stable) - subring (https) - IPv4 Cluster 2 Ring - subring (stable) - subring (https) - IPv6 Cluster 1 Ring - subring (stable) - subring (https) - IPv6 Cluster 2 Ring - subring (stable) - subring (https) 7) When BridgeDB receives a request for bridges from its website, it forwards the query on to the IP distributor. The details will include if a specific PT was requested, IP version bridge supports, country within which the bridge should not be blocked, requesing IP address, and interval. 8) The distributor then decides on the "area" of the IP address, currently the /24 mask, and then finds the "cluster" within that area (by taking the first eight bytes of an hmac of the area and using the result (modulus "the number of clusters")). A filter is then constructed based on the requested information. If a ring already exists that satisfies exactly these filters then that is then constructed based on the requested information. If a ring already exists that satisfies exactly these filters then that is used. Else a new ring (with subrings) is constructed to satisfy this request. The distributor also computes the position in the ring as the hmac of the interval and the area. 9) Once the correct ring exists, it determines how many bridges it can find in the ring's subrings to satisfy the request. This is done by taking the previously computed position and finding it in the list of bridges ID's hmacs and then selecting the next consecutive "requested number of bridges" from the list (wrapping around to the beginning, if necessary). The same is then done for the main ring. The results from these searchs are then joined and the first "requested number of bridges" unique keys are selected from the list. This list is then sorted and returned, propagating back up to the user. 10) Similar actions are taken by the other distributors. For example, the email distributor doesn't use an "area" to decide which bridges to distribute, it uses the normalized requesting/source mail address. 11) Misc: - Because the rings are sorted by an hmac of the bridge's ID, I expect that they will be uniformly distributed around the ring. As such, I don't expect there to be a bias for one type of bridge/transport/ORPort over any other. (Is this incorrect?)

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev May 2013