Remix.run Logo
heavyset_go 19 hours ago

> Such as obfs4, I presume.

Yep, but the author of obfs4 says not to use it, there are more modern transports with less flaws.

At the end of the day, the transport lists are public, but sharded, so it's truly just obfuscation no matter what transport protocol you use. Someone observing your connection with the resources to map out transport relays can tell if you're using Tor.

> Have you heard about it, or have you used it before?

I haven't, but it looks interesting. It seems they're doing a similar mixnet approach to SimpleX.

> I agree. How much more secure is that?

If you don't to rely on a third party to queue and relay your messages when your recipient comes online, it's one less party that you're sharing information with.

I also believe it opens you up to Tor correlation attacks, like what happened with Ricochet. Maybe an overlay mixnet can add some further obfuscation, as with SimpleX and RACE, but I assume those overlays are vulnerable to correlation attacks, as well.

johnisgood 19 hours ago | parent [-]

> Yep, but the author of obfs4 says not to use it, there are more modern transports with less flaws.

Such as?

heavyset_go 18 hours ago | parent [-]

Check out https://torproject.github.io/manual/circumvention/ and https://obfuscation.github.io/

johnisgood 7 hours ago | parent [-]

I know about those, but scramblesuit and meek and snowflake came before obfs4 I believe and they do not achieve the same thing obfs4 does, so I do not see a better obfs4 alternative here.