On 5/3/15, intrigeri <intrigeri@boum.org> wrote:
> ... Just to clarify, the threat model explicitly doesn't include "Attacker is able to reconfigure Tor on a client system to use an arbitrary set of bridges", right?
correct.
neither bridges nor pluggable transports are supported. i have added a FAQ entry for this. thanks!
in the future, it would be useful to have a way to securely distribute bridges or obfuscated proxies to trusted users on the local network. however, this is not a trivial task, and you'd want to avoid compromising all of your bridges at once if a failure occurs.
last but not least, if your attacker is coordinating the attack over Tor, obviously this cannot be thwarted at the local network level by a Tor router device. host security is critical, even with a Tor-enforcing router as backup. that's a longer subject i need to think about more before writing anything useful.
best regards,