Confusion about censorship vs. avoiding detection

We now have four bridge types to avoid censorship. These are obfs4, meek, snowflake, and now webtunnel. However, I am not interested in censorship, since this is not a problem for me. Rather, I am interested in avoiding detection that I am using the tor network, specifically when it comes to global adversaries, like NSA and GCHQ.

Would obfs4, snowflake, meek, or webtunnel prevent global adversaries from detecting my tor activity? Would using these protocols in conjunction with a no-logs vpn (you → vpn → tor) increase the chances of not being detected? I want to avoid correlation attacks + I want to avoid being identified as a tor user in general.

If the answer is no or likely not, then should I use bridges at all, given that I am concerned with mass surveillance / bulk collection, not censorship? Or should I not use them?

Thank you for your help.

Not a full answer + I’m not an expert, but

Being hard-to-detect is what makes anti-censorship protocols what they are, so yes. Though you have to keep in mind that those who want to detect Tor usage and not just block it are probably more advanced in what they do.

What I’d consider instead is running a Tor relay from your home, if possible. I believe this should make it hard to distinguish between your Tor activity and your relay’s activity, though you better check if it’s true.

2 Likes

To my understanding the censorship avoidance elemet of tor (bridges) is mostly for people in countries where tor and VPN are blocked or could lead to trouble if proven to have used.

If you don’t live in a country where tor is blocked or discouraged then you don’t really have much need for a bridge.

With your aim being to hide the fact you’re on tor from big agencies I would suggest a decent no logs VPN which requires no information and you should pay using either cash or Monero. Mullvad is a good option.

Once the VPN is running its best to connect directly to tor rather than adding a bridge with VPN as it won’t gain anything but could cause unintended weakness.

A bridge can be owned and controlled by anybody and the bridge handles all traffic for your browsing sessions, it can’t read anything due to encryption but it does create one fixed point where all data up and down will need to pass.

With this in mind, and the fact they’re often used by people in risky countries, its probably not unwise to assume that such agencies would have lots of interest in bridges. Creating them and monitoring them through recording encrypted data gives them something to compair against exit nodes.

VPN is a private secure network which uses datacenters based all over the world, watching them all and matching against nodes is just a hopeless effort. If you use multihop then its even harder still (but slower).

I hope this helps and good luck out there!

Thank you for the replies so far.

I assume that a state-level threat actor would want to monitor all the tor nodes they can, regardless of whether they are bridges or not. As for the vpn option, I believe there is somewhere in the tor faq that discourages against using a vpn before using tor. Also, it does not matter if you pay for mullvad anonymously, since they still know your real ip address, which can be tied back to your real identity. So what matters is if they are honest about keeping no logs + are not themselves hacked by state-level actors + somehow magically able to prevent someone from the NSA from monitoring the traffic in and out of the vpn server and logging it themselves in their systems. Unless you are somehow able to do You → Tor → Mullvad paid completely anonymously, I am not sure that the vpn option helps me. But thank you for your input.

This is true but the tor network is so mixed and so busy that attempting to isolate one stream of traffic for one user all the way from exit to client is going to be next to impossible. They could monitor all exits but they would actually need something earlier in the chain for comparison matching, such as a bridge.

Bridges still know what your real IP is, Mullvad has been audited several times over and servers have been seized which resulted in no data being recovered. Tor is not protected against state level actors at both network and client level.

Tor can’t prevent this and if anything its easier to monitor tor than it is to monitor all VPNs since tor network is one network whereas VPNs are different networks rented by many companies

That is indeed possible and they have created guides on how to do so, it will still mean your ISP can see you’re using tor so there goes the ability to hide from NSA. You > Mullvad > tor is the safest way. Tor and Mullvad VPN

That was written years ago and is for case specific situations such as using VPN in a country where its blocked or using VPN on a small network (which your ISP isn’t).

Thank you for your comment. With all due respect, I trust the people who run the tor project website more than you. See http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/faq/faq-5/index.html and http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/legacy/trac/-/wikis/doc/TorPlusVPN .

Looking into Tor blog comments section, you can find some good insights about PTs and Tor detection. In 2014, discussing meek, dcf wrote this interesting comment:

"In my opinion, none of the transports gives you the degree of unobservability you would want if your life were truly at stake. As always, it is a question of risk and resources. Using Tor is probably safer than not using Tor, and pluggable transports are by design harder to detect that plain Tor traffic. But none of the pluggable transports provides strong protection against an adversary who will hurt you for merely using a circumvention tool. Consider that the censor may be recording all traffic, and even if it cannot detect a circumvention tool today, it may be able to in the future, and punish users retroactively.*

Using bridges will probably make harder to detect that you’re using Tor. But it might be best to follow the behavior of other Tor users in your region.

2 Likes

10 years later, are the snowflake and the webtunnel protocols good enough to avoid NSA detection of tor usage? Or are they still not good enough to give " you the degree of unobservability you would want if your life were truly at stake"?