On Sat, Mar 22, 2014 at 01:03:43PM -0700, Lance Hathaway wrote:
> On the plus side, obfs3 is still pretty strong, and it's one of the common pluggable transports right now. Scramblesuit is not live in the official bundles yet (AFAIK), but it just released and has some pretty robust-looking defenses against active probing and other attacks. If you're working on something new to deploy, these should be included, without a doubt. They may indeed be deprecated in future, and in the worst case may become unusable or make the bridge more susceptible to being blocked. But if you go with a plain bridge or obfs2, you're already in your worst-case scenario. You have nothing to lose and everything to gain by enabling the newest pluggable transports.
Agreed. If the goal in setting it up as a bridge is to be useful to users who are otherwise censored from the Tor network, then running pluggable transports like obfs3 and ScrambleSuit will go a long way towards actually doing that.
For context, currently Tor works out-of-the-box (you don't even need a bridge) in nearly all countries except China, where vanilla bridges and obfs2 don't work currently: https://blog.torproject.org/blog/how-to-read-our-china-usage-graphs
Periodically Iran and Syria block SSL by DPI, which also takes out vanilla bridges.
If you want to be conservative, pick obfs3 and wait for ScrambleSuit to get more mature.
> I would highly recommend adding the Tor package repository to the FreedomBoxes. As explained in [0], this won't always give you the latest version of tor, but it will provide security fixes. My hunch is that it will almost always also be a little fresher than Debian stable.
Yes -- I would consider doing this as much for security as for anything else. Debian stable can lag pretty far behind the actual Tor stable releases (depending on which year you're looking).
--Roger