Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation on automatic use of Multihop when DAITA is enabled #7069

Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion docs/relay-selector.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
but most are hosted on separate bridge servers. Even if most obfuscation protocols used include
encryption, that encryption is not to be treated as secure. We only use the obfuscation protocol
for its obfuscating properties, not for any security properties it might have.
- DAITA - Short for "Defense against AI-guided Traffic Analysis". A technique supported on some
WireGuard relays that makes website fingerprinting more difficult.

# Relay selector

Expand Down Expand Up @@ -74,6 +76,15 @@ selection algorithm using the weights that are assigned to each relay. The highe
relatively to other relays, the higher the likelihood that a given relay will be picked. Once a
relay is picked, then a random endpoint that matches the constraints from the relay is picked.

## Selecting a DAITA-compatible relay

Since not all Wireguard relays deploy DAITA, there are lots of tunnel endpoint constraints that
are fundamentally incompatible with DAITA. As such, if DAITA is enabled the relay selector may select
an alternative entry relay and implicitly use multihop in order to achieve a seamless user experience.
The user's tunnel endpoint constraint is respected for the exit relay.

The user may opt out of this behaviour by toggling the "Direct only" option in the DAITA settings.

## Bridge endpoint constraints

The explicit constraints are:
Expand Down Expand Up @@ -108,4 +119,3 @@ will indirectly change the bridge state to _Auto_ if it was previously set to _O

Currently, there is only a single type of obfuscator - _udp2tcp_, and it's only used if it's mode is
set to _On_ or _Auto_ and the user has selected WireGuard to be the only tunnel protocol to be used.

Loading