On Mon, Nov 28, 2016 at 07:23:16PM -0800, David Fifield wrote:
There are many bridges in Onionoo that seem to follow a common naming convention: two dictionary words concatentated, then truncated to 16 characters. That, plus the fact that many of them run on the same platform, run only the obfs4 transport, and have related last_restarted times, makes me think they are somehow related and perhaps malicious. In a sample of 200 Onionoo bridges, 19% followed the convention. I noticed this by accident and I'm not planning to look into it more, so I'm dropping notes here.
I managed to get one of these bridges (nickname "thirsterworthwhi", hashed_fingerprint 6FA21996A631A9E51A53E4867E887F95BDD1145D) from BridgeDB. It is running in AS 14061, "DIGITALOCEAN-ASN - Digital Ocean, Inc., US".