On being targeted by the NSA
As quoted in the original article on Das Erste:
We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.
Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the Wiretap Act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.
Good thinking, but it's not clear to me that this step would help as much as you hope. First, it isn't actually free to layer obfs3 on top of things -- many of the fastest relays are CPU-bound from doing AES, and adding an obfs3 layer effectively doubles the amount of work they'd do.
Second, the list of relays is still public, so they could still recognize Tor flows by their endpoints.
Also, the rules published in this article are not the entirety of their rules. We could easily imagine XKeyscore rules to recognize obfs2 flows, including a "does it have at least this much entropy" rule. Doing traffic obfuscation to defeat a real-time adversary who is deciding whether to filter you is quite different from doing obfuscation to defeat an adversary that computes on the flows after-the-fact. The latter seems much harder.
All of this said, I'm increasingly thinking that some sort of better obfuscation layer by default, between clients and the Tor network, would be useful. A simple DPI rule is one that they can write, deploy, and leave in place for weeks or months. A rule that involves grabbing a snapshot of IP addresses means pushing out new rules much more often. Maybe that's a difference that matters in practice. Also, using transient bridge addresses (a la Flashproxy) could be a big step forward in the arms race.
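To make the two points in the comment above concrete (the public relay list lets an observer match flows by endpoint no matter what the link layer looks like, and a simple "at least this much entropy" rule would still catch an obfs2/obfs3-style handshake), here is an added example of such a flow classifier. It is not code from the original post, from XKeyscore, or from the Tor project; the relay IPs, the flows and the 7.0 bits-per-byte threshold are all constructed for illustration, and the "obfs-like" payloads are deterministic SHA-256 filler standing in for real obfs output.

```python
import hashlib
import math
from collections import Counter

# Constructed: a hypothetical copy of the public relay list (documentation-range
# addresses, not real Tor relays). Obfuscating the link protocol does nothing
# about this rule, because the endpoints stay public.
KNOWN_RELAY_IPS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Hypothetical cut-off for a "looks uniformly random" rule, in bits per byte
# (8.0 is the maximum). Plaintext protocols sit far below this; an obfs2/obfs3
# handshake is designed to look like random bytes and so sits near it.
ENTROPY_THRESHOLD = 7.0
ENTROPY_WINDOW = 1024  # only the first bytes of a flow are scored


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy filler (constructed stand-in for an obfs handshake)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def classify_flow(dst_ip: str, payload: bytes,
                  relay_ips=KNOWN_RELAY_IPS,
                  threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return the names of the rules that fire for one flow, in a fixed order.

    'endpoint': destination is on the public relay list.
    'entropy':  the first bytes of the payload look uniformly random.
    """
    reasons = []
    if dst_ip in relay_ips:
        reasons.append("endpoint")
    if shannon_entropy(payload[:ENTROPY_WINDOW]) >= threshold:
        reasons.append("entropy")
    return reasons


# Constructed sample flows: (label, destination IP, first bytes of payload).
SAMPLE_FLOWS = [
    ("cleartext-to-relay", "192.0.2.10",
     b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("obfs-like-to-relay", "192.0.2.11", pseudo_random_bytes(b"flow1", 1024)),
    ("obfs-like-to-unlisted-bridge", "203.0.113.5",
     pseudo_random_bytes(b"flow2", 1024)),
    ("cleartext-elsewhere", "203.0.113.9",
     b"GET /cats HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]


def classify_all(flows=SAMPLE_FLOWS) -> dict:
    """Map each flow label to the rules that fired for it."""
    return {label: classify_flow(ip, payload) for label, ip, payload in flows}


if __name__ == "__main__":
    for label, reasons in classify_all().items():
        print(f"{label:30s} -> {reasons or ['no rule fired']}")
```

The unlisted-bridge flow is the interesting row: the endpoint rule misses it, which is the whole point of bridges, but the entropy rule still flags it, which is why an obfuscation layer that only hides the Tor handshake buys less than it first appears to against an adversary who can afford a second rule.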
This comes up every once in a while, and obfs3 specifically is as "not-that-great" of an idea as the last time I commented on it.
arma appears to think that there is benefit to using some obfuscation for the link protocol, but I'm not convinced that it would raise the bar to the point where it's worth the engineering effort.