On Sat, May 04, 2013 at 02:09:33AM -0700, Mike Perry wrote:
Thus spake Andrew Lewman (andrew@torproject.is):
On Fri, 3 May 2013 16:05:15 -0400 "Runa A. Sandvik" runa.sandvik@gmail.com wrote:
I disagree. The Tor help desk sees a ton of requests from users saying that Tor is unable to connect, and the simple fix is to give them a bridge or two. Not all users know what they need to connect, and not all users will know the difference between bridge, obfs2, and obfs3.
One answer is the user shouldn't care. Tor Browser should automatically loop through the various kinds of connectivity and just connect. non-obfs bridges really should get wholly replaced with obfs bridges en masse.
Yes that's true, ideally the user shouldn't have to care, or enter random data into text fields, except as last resort.
However, we can't just probe everything because we don't want to probe for the public Tor network if you're censored. Best case: client IPs that are observed to probe various known Tor transports get targeted for more agressive censorship (the censor could just fail any unrecognizable traffic for N minutes after someone touches a public Tor IP, for example). Worst case: Targeted exploits are deployed that aim to subvert their computer in general, via Tor or otherwise.
Aside, there are this ticket and blog post, about how it may be hard to optimize for both use cases at once.
"Config option to declare whether you're using bridges for reachability or for security" https://trac.torproject.org/projects/tor/ticket/4624 https://blog.torproject.org/blog/different-ways-use-bridge
David Fifield