Hacker News new | past | comments | ask | show | jobs | submit login

That's a complicated question. This talk from CCC in 2011 addresses some of the points (and is very interesting in it's own right):


Tor already uses SSL, so I'm not sure how valuable encapsulating it in HTTPS would be. In fact (and this is from memory, so I may be wrong), some governments were able to block Tor by looking at certificate expiry date - Tor uses short lived certificates, but no real https site is going to use an ssl cert that expires in a couple hours. There were some other ways to fingerprint Tor traffic, but I'd have to watch the video again to remember.

The Tor developers also apparently have a list of potential ways to identify Tor traffic, but haven't fixed all of them because they're waiting for evidence that they're being used to block Tor traffic first.

As for relays - the bridge system addresses that. It's difficult or impossible to compile a complete list of bridge nodes, so that method should be pretty effective. It's also possible to run a "private" bridge and share it out of band with other. That method certainly should make relay identification extremely difficult.

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact