Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Censorship China Communications Government Privacy Your Rights Online

To Connect People Securely, Tor Project Seeks New Bridges 56

An anonymous reader links to an article at Ars explaining the dropping inventory of bridges available to users of the Tor project's encrypted messaging system. They're looking for more bridges, but that doesn't necessarily mean buying new hardware per se. From the article: "After campaigning successfully last year to get more volunteers to run obfuscated Tor bridges to support users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadiankakis. 'Most of those bridges are down, and fresh ones are needed more than ever,' [Tor volunteer George] Kadiankakis wrote in an e-mail, 'since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria).' For those who want to donate bridges to the Tor network, the easiest route is to use Tor Cloud, an Amazon Web Service Elastic Compute Cloud image created by the Tor Project that allows people to leverage Amazon's free usage tier to deploy a bridge."
This discussion has been archived. No new comments can be posted.

To Connect People Securely, Tor Project Seeks New Bridges

Comments Filter:
  • It turns out that a bridge makes a lousy hiding place

    • Why would this be modded offtopic? A Tor bridge is no different from a physical one, both with easily traceable paths. The simple fact is that under its present configuration the internet cannot be made secure. It's not even very robust. My old POTS line is still more reliable.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      No wonder my torrents over Tor have been a bit slower. Oh well, just have to do all of my torrenting when I am asleep.

  • by Anonymous Coward
    I don't have the technical chops or resources to help them out with obfuscated bridges, but I might be willing to donate a few bucks to a worthy cause.
  • by Anonymous Coward

    seriously guys... how long will this take until they just ban AWS IPs? and what use would be 1000 people signing up all to get similiar amazon IPs anyway

  • Let's say I'd be 'in' to help Tor. What are the risks for me, in a eastern country - like Romania ?
    • Now someone correct me if I'm wrong but there's entry node (which doesn't know if it's an entry or not) and a bridge then an exit node. The exit node, if the target website isn't using SSL, is vulnerable to looking like it's accessing whatever website/server the original viewer is on. So exit nodes are a bad idea. But bridges don't know the end target or whether it's an entry or intermediary bridge so basically it's just routing SSL traffic from one point to another and adding 1 more layer of encryption
      • Lol okay, I'll correct me. I just researched it and bridges reside outside the "onion" part. They're allegedly still fully encrypted but you'll probably look suspicious to someone somewhere running encrypted connections to Iran constantly.
      • Re:And the risks ? (Score:4, Informative)

        by Anonymous Coward on Thursday April 18, 2013 @06:12PM (#43487959)

        You are correct, as long as you configure your node as non exit, you are pretty much safe in nearly every european country and plenty of others.

        No traffic leaves the tor network through your node and thus nothing should point to you (if the network works, if it doesn't, there are a lot of problems for a lot of people).

        Depending on your country this can be very different. In some countries that do not have certain liberties simply having tor may be an issue, while tor does it best to hide everything and itself, it will likely stand out simply by being an encrypted connection, it may lead to you and lead to some questioning or worse.

        For the sake of all users in such situation, stop making encrypted connections stand out and make them the norm. There really isn't any reason that everybody should be able to know what you do. Not in a "free" country and not in a non free one. Use SSH wherever you can, just that will be helpful for tor since it can then hide between those connections a bit better. Force encryption on your bittorrent, it may even lead to speedup. And if you believe your country is fine, do host a tor relay, it doesn't have to be an exit node to help the network, although there is a shortage of those as well as non exit nodes. Maybe once upon a time everything everywhere will go through a tor like service, once we get pissed off by all the people being able to see what you do.

      • As far as I know, a bridge is a hidden entry node. Unlike regular ones, they're not published on a huge list.. you can only request a few via a certain url at a time.

  • by ptaff ( 165113 ) on Thursday April 18, 2013 @05:39PM (#43487749) Homepage

    Cupcake [github.com] allows you via a browser extension to run a bridge if you won't/can't install the whole Tor suite [torproject.org].

    Currently available for Chrome / Chromium [google.com], Firefox is in the works.

    Please help Tor!

    • Cupcake allows you via a browser extension to run a bridge if you won't/can't install the whole Tor suite.

      That is very helpful, thank you.

      I know of a company that might be willing to set up a bunch of these bridges as long as they don't find out about them. If you catch my drift.

  • wait, what? why? (Score:5, Interesting)

    by slashmydots ( 2189826 ) on Thursday April 18, 2013 @05:49PM (#43487805)
    How about someone with a fiber connection that I keep hearing about on slashdot just opens vidalia and configures it to run as an intermediary node. Isn't that functioning as a bridge? I have a 10MB connection but the upload is 1MB and my computer doesn't run anywhere near 24/7 or I'd run an intermediate node that way. Why the hell is anyone bother with amazon web services? Just for the bandwidth? Because I think my i5-2400 could encrypt thousands of people's SSL traffic on the fly easily so that just leaves bandwidth. So is there something else I'm missing or can people with massive bandwidth easily self host a bridge?
    • Re: (Score:3, Interesting)

      by raxx7 ( 205260 )

      You're not missing anything, running a bridge at your home is fine.
      But since you're not willing to spare your scarce bandwidth, then AWS instance is an easy and cheap way to contribute.

  • silkroad should pay (Score:4, Interesting)

    by purnima ( 243606 ) on Thursday April 18, 2013 @05:51PM (#43487835)

    Tor is totally decentrlized. But surely there has to be a decetralized system that incentives people to bridge in the network. Presently, we're asked to do this out of the goodness of our hearts, like a charity. "Think of the poor Iranian freedom lover's," meh, when we know fully well that much of the traffic is silkroad related and what ever other illegal crap has found a home in the Tor space.

    Whoever is running the apparently lucrative silkroad can make small bitcoin donations to "bridging" volunteers. It's cheaper than paying their taxes to a real government. You wanna distribute the north east Iranian goodies? pay for the network!

    • Mixing money into it is sure to invoke govt attention.

  • Comment removed based on user account deletion
    • Poorly worded headlines are the least of your worries here. We still have to deal with advertisements disguised as stories and summaries that contradict what the article really says.

  • by Okian Warrior ( 537106 ) on Thursday April 18, 2013 @08:07PM (#43488683) Homepage Journal

    If memory serves, four years ago the Iran elections resulted in much oppression and general chaos. A global call went out for Tor nodes and other resources in order to help the Iranian people at the time.

    The next Iranian elections will be in June of this year. Perhaps we should be forward-looking and set up a robust network ahead of time?

    Anyone remember these Slashdot posts of note?

    http://yro.slashdot.org/story/09/06/29/1230216/the-technology-keeping-information-flowing-in-iran [slashdot.org]

    http://yro.slashdot.org/story/09/06/22/1347228/mass-arrests-of-journalists-follow-iran-elections [slashdot.org]

    http://science.slashdot.org/story/09/06/16/2137203/statistical-suspicions-in-irans-election [slashdot.org]

  • by Thor Ablestar ( 321949 ) on Thursday April 18, 2013 @08:13PM (#43488731)

    ... While I always see 1-2 Chinese nodes in I2P NetDB, I have not seen any Iranian node. Why? Does it mean that anybody trying to connect is persistently looked for, or just the system is not popular? Or, maybe, TOR client is much less visible than I2P node and so is more secure?

  • I feel a lot safer running an open wifi that logs all connection than running a tor node. After all I know who my neighbors are. But who knows what goes through TOR? After reading a few scare stories of TOR volunteers getting their door kicked in and their gear confiscated, that's the reason I'm not running a node, although I support the idea. But if it's to support untraceable spam, kiddie porn and DDOS operations, no thanks. Anyone has a breakdown of the kind of traffic that goes through TOR?
    • I have run a tor exit node on my home DSL line for years. Never had a door kicked in. Only trouble I had was being blocked from boards.ie and geocaching.com

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...