On Tue, Aug 05, 2014 at 11:07:57AM -0400, Mark Smith wrote:
On 8/3/14, 2:37 AM, David Fifield wrote:
On Sat, Aug 02, 2014 at 11:28:08PM -0700, David Fifield wrote:
I made some test meek bundles that are capable of using the Amazon CloudFront CDN as a backend, in addition to Google App Engine that was supported before.
https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-2/
https://trac.torproject.org/projects/tor/wiki/doc/meek#AmazonCloudFront
To test it, go to the pluggable transport screen, and choose "meek-amazon" from the selection box.
I opened a ticket to discuss how this user interface can be improved.
https://trac.torproject.org/projects/tor/ticket/12777
While it's easy to add new entries like this (see https://trac.torproject.org/projects/tor/attachment/ticket/12777/0001-Add-an...), I'm worried that it's not so clear for most users. On what are they supposed to base their decision? How could it be better?
A possibility is that we could include just one option in the bundles, and distribute the others from BridgeDB or support assistants.
Would it be possible (and safe for users) for meek to try Google and then try Amazon upon failure? It seems like that is what users will need to do themselves, unless they have access to other information such as "meek-google is not a good choice in my country but meek-amazon might work."
It would be possible (it's just one more layer on top of everything). To probe both would create a little distinguishability: a censor could block first connection attempts to Google (while allowing later attempts), and see if the user tries immediately connecting to Amazon when the Google connection fails.
If we auto-probe backends, we would want to keep the property that you can configure your front from Tor Launcher. I was in an environment once where www.google.com was blocked but fonts.googleapis.com was not. I was able to connect by changing the Bridge line from Bridge meek 0.0.2.1:1 url=https://meek-reflect.appspot.com/ front=www.google.com to Bridge meek 0.0.2.1:1 url=https://meek-reflect.appspot.com/ front=fonts.googleapis.com
David Fifield