Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2021-06-17T14:21:51Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/16Network checks before allowing the user to start the proxy2021-06-17T14:21:51ZHashikDNetwork checks before allowing the user to start the proxy- NAT check
- WebSocket reachability check- NAT check
- WebSocket reachability checkHashikDHashikDhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/14CI for the project2022-05-11T14:55:12ZHashikDCI for the projectNow that the runners are available, it's a good idea to install CI for the project.Now that the runners are available, it's a good idea to install CI for the project.HashikDHashikDhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/11localize screenshots on snowflake page2021-06-17T14:19:28ZRoger Dingledinelocalize screenshots on snowflake pagehttps://snowflake.torproject.org/?lang=zh_CN
scroll down to the picture of Tor Browser's network settings. That's an English Tor Browser. Should the Chinese version of the page be showing people using a Tor Browser in Chinese?https://snowflake.torproject.org/?lang=zh_CN
scroll down to the picture of Tor Browser's network settings. That's an English Tor Browser. Should the Chinese version of the page be showing people using a Tor Browser in Chinese?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/10Probe Snowflake bridge from proxy 1x a day2022-04-05T17:04:55ZCecylia BocovichProbe Snowflake bridge from proxy 1x a dayWe're getting reports that the Snowflake bridge isn't reachable in legacy/trac#33364, but it's taking awhile for volunteers to notice because the probe check only happens once at installation or if you disable/enable the proxy.
Perhaps ...We're getting reports that the Snowflake bridge isn't reachable in legacy/trac#33364, but it's taking awhile for volunteers to notice because the probe check only happens once at installation or if you disable/enable the proxy.
Perhaps we can do the probe check 1x a day (e.g., when we do the stats refresh)?Arlo BreaultArlo Breaulthttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/5Allow webextension users to specify how many resources it uses2023-03-31T07:58:03ZCecylia BocovichAllow webextension users to specify how many resources it usesI'm not sure what the default behaviour for webrtc connections is, but we should allow users to throttle or set a bandwidth cap on their connections to avoid over-using their resources.I'm not sure what the default behaviour for webrtc connections is, but we should allow users to throttle or set a bandwidth cap on their connections to avoid over-using their resources.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/3Remove local LAN address ICE candidates from JS proxy answer2023-01-20T08:33:58ZArlo BreaultRemove local LAN address ICE candidates from JS proxy answerThis is a follow up from legacy/trac#19026 where it was done for the clients and golang proxies.This is a follow up from legacy/trac#19026 where it was done for the clients and golang proxies.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/10Design for final notification UI.2021-06-17T14:18:46ZHashikDDesign for final notification UI.Making and designing the final notification UI.Making and designing the final notification UI.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/7Showing users when there is as WebSocket connection failure.2021-06-17T14:14:12ZHashikDShowing users when there is as WebSocket connection failure.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/1Make a build for Safari and publish to the App Store2022-09-28T21:32:18ZArlo BreaultMake a build for Safari and publish to the App Storehttps://developer.apple.com/videos/play/wwdc2020/10665/https://developer.apple.com/videos/play/wwdc2020/10665/https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/12930Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" argum...2021-11-08T20:01:18ZYawning AngelSomeone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.Per pt-spec.txt:
```
- ARGS:K=V,K=V,K=V
If this option is set, the K=V arguments are added to Tor's
extrainfo document. Equal signs and commas must be escaped
with a backslash.
```
All of obfs4's server (e...Per pt-spec.txt:
```
- ARGS:K=V,K=V,K=V
If this option is set, the K=V arguments are added to Tor's
extrainfo document. Equal signs and commas must be escaped
with a backslash.
```
All of obfs4's server (extra info) document arguments end with a number of equal signs because they are Base64 strings.
goptlib does the right thing here and escapes the args, so the trailing Base64 padding passed to tor as part of SMETHOD ARGS ends with `\\=`. The fun here is that, tor does not unescape the ARGS line, so `\\=` is what ends up in the extrainfo document on BridgeDB.
The arguments that appear on obfs4 bridge lines should not be escaped, so someone, somewhere between little-t tor, and the place where the arguments appear on whatever BridgeDB frontend the end user sees, needs to unescape the arguments.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/11501Improve visual identity of Tor's PTs2021-11-08T19:53:05ZGeorge KadianakisImprove visual identity of Tor's PTsWe've been failing with naming Tor's censorship circumvention tech for a while ('Pluggable Transports', 'obfsproxy', 'obfs3', 'obfs2', 'flashproxy'...).
We know that our users are getting better at learning these terms, but we should tr...We've been failing with naming Tor's censorship circumvention tech for a while ('Pluggable Transports', 'obfsproxy', 'obfs3', 'obfs2', 'flashproxy'...).
We know that our users are getting better at learning these terms, but we should try to help them. I think establishing a visual identity for PTs through a logo, might help.
This way, we can put the same logo in the PT/obfsproxy homepage, and in BridgeDB, and in TBB (in the step of the wizard where you have to add your bridges), and people will learn that when they see that logo it's PT-related.
I'd currently use the obfsproxy logo:
![https://trac.torproject.org/projects/tor/attachment/ticket/5111/logo%20shaded.svg](https://trac.torproject.org/projects/tor/attachment/ticket/5111/logo%20shaded.svg)
except if someone tells me it's a terrible idea (I admit it's more silly than confidence inspiring, but I think it gets the point across). Any other suggestions are welcome.
If people think that this is a reasonable idea, I will create tickets for the BridgeDB and TBB mods.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/10970tor-bridge-relay Debian package2021-11-08T19:58:52ZXimin Luotor-bridge-relay Debian packageInspired by https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/BridgeBundles
tor-bridge-relay will be a small native package that recommends all bridge servers and contains a torrc that uses them.
We ...Inspired by https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/BridgeBundles
tor-bridge-relay will be a small native package that recommends all bridge servers and contains a torrc that uses them.
We can also add bridge-specific documentation, e.g. advice like "if you are in country X then don't use transport Y because this opens your IP address up to a confirmation attack".
This should be fairly simple to implement, but I filed this bug to collect any comments that anyone might have.Ximin LuoXimin Luohttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/10677Run unit tests for pluggable transports when building Tor Browser Bundle2021-11-08T19:58:01ZkpdyerRun unit tests for pluggable transports when building Tor Browser Bundledcf and I were recently discussing the dependencies between pluggable transports in the Tor Browser Bundle. As an example obfsproxy, flashproxy, and fteproxy all rely on pyptlib.
In these cases it is important that we have sanity checks...dcf and I were recently discussing the dependencies between pluggable transports in the Tor Browser Bundle. As an example obfsproxy, flashproxy, and fteproxy all rely on pyptlib.
In these cases it is important that we have sanity checks to ensure that when one of these components is upgraded, it doesn't break any of the pluggable transports. It's tedious to manually verify that each pluggable transport works.
It appears that nearly all of the pluggable transports have unit tests. A simple sanity check, running all unit tests for all PTs during the build, is probably a good idea.kpdyerkpdyerhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/33560Settings immediately after install2021-06-17T14:23:19ZTracSettings immediately after install3/9/20, 04:33:18.780 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/9/20, 04:33:19.122 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
3/9/20, 04:33:19.336 [NOTICE] Bootstrapped 15% (handshake_done): Handsh...3/9/20, 04:33:18.780 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/9/20, 04:33:19.122 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
3/9/20, 04:33:19.336 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
3/9/20, 04:33:19.337 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
3/9/20, 04:33:19.338 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
3/9/20, 04:33:19.340 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
3/9/20, 04:33:20.168 [NOTICE] Bootstrapped 100% (done): Done
3/9/20, 04:33:21.105 [NOTICE] New control connection opened from 127.0.0.1.
3/9/20, 04:33:21.354 [NOTICE] New control connection opened from 127.0.0.1.
3/9/20, 04:34:59.416 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:34:59.416 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:34:59.417 [WARN] Failed to start process: (null)
3/9/20, 04:34:59.417 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:34:59.417 [NOTICE] Switching to guard context "bridges" (was using "default")
3/9/20, 04:34:59.504 [NOTICE] Delaying directory fetches: No running bridges
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.507 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.508 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.509 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:01.511 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:01.511 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:02.523 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:02.523 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:03.529 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:03.529 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:04.542 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:04.543 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:05.546 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:06.556 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:06.556 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.582 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.583 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.584 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:08.567 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:09.575 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:09.576 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:11.593 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:12.611 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:14.621 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:15.635 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:16.645 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:17.648 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:18.660 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:19.672 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:22.546 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:35:22.547 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:35:22.547 [WARN] Failed to start process: (null)
3/9/20, 04:35:22.548 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:24.759 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:24.759 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:25.759 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:25.759 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:26.771 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:26.771 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:27.790 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:27.791 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:28.775 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:28.775 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:29.290 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:35:29.290 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:35:29.290 [WARN] Failed to start process: (null)
3/9/20, 04:35:29.300 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
**Trac**:
**Username**: KatBloodgoodhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/33461Multiarch docker obfs4 bridge2021-06-17T14:23:19ZTracMultiarch docker obfs4 bridgeHaving more images enables the bridge operators to directly pull an image instead of modifying the Dockerfile and consequently building that image. For example, the supported architectures can be x86_64, aarch64 and arm.
In order to do s...Having more images enables the bridge operators to directly pull an image instead of modifying the Dockerfile and consequently building that image. For example, the supported architectures can be x86_64, aarch64 and arm.
In order to do so we can have multiple `Dockerfile.arch` where is used https://github.com/multiarch/qemu-user-static in order to build such image.
For example in the Dockerfile.arm file the content should be something like:
```
# Base docker image
FROM multiarch/qemu-user-static:x86_64-arm as qemu
FROM arm32v7/debian:buster-slim
COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin
# Install remaining dependencies.
RUN apt-get update && apt-get install -y \
tor \
tor-geoipdb \
obfs4proxy \
libcap2-bin \
--no-install-recommends
# Allow obfs4proxy to bind to ports < 1024.
RUN setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
RUN setcap cap_net_bind_service=+ep /usr/bin/tor
# Our torrc is generated at run-time by the script start-tor.sh.
RUN rm /etc/tor/torrc
RUN chown debian-tor:debian-tor /etc/tor
RUN chown debian-tor:debian-tor /var/log/tor
COPY start-tor.sh /usr/local/bin
RUN chmod 0755 /usr/local/bin/start-tor.sh
COPY get-bridge-line /usr/local/bin
RUN chmod 0755 /usr/local/bin/get-bridge-line
USER debian-tor
CMD [ "/usr/local/bin/start-tor.sh" ]
```
**Trac**:
**Username**: thymbahutymbahttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/32550Static tor in docker container2020-10-29T20:26:58ZTracStatic tor in docker containerI was wondering about how to improve the docker image. The current version of provided image, in such case for bridges, uses debian. This ends up in a "big" image that, in my honest opinion waste a lot of space.
In order to improve the ...I was wondering about how to improve the docker image. The current version of provided image, in such case for bridges, uses debian. This ends up in a "big" image that, in my honest opinion waste a lot of space.
In order to improve the deployment and the space required by such container, which can be even extended for all relay, I wrote a Makefile for statically build tor. Once there is a statically build of tor, it should be enough provide just it inside the container.
```
PREFIX=$(shell pwd)/dist
RELEASE=$(shell pwd)/release
TOR=https://dist.torproject.org
TOR_VER=0.4.1.6
LIBEVENT=https://github.com/libevent/libevent/releases/download
LIBEVENT_VER=2.1.11-stable
OPENSSL=https://github.com/openssl/openssl/archive
OPENSSL_VER=1_0_2t
ZLIB=https://zlib.net
ZLIB_VER=1.2.11
CLEAN_DIRS=$(dir .)
all: tor
tor: tor-${TOR_VER} libevent libseccomp zlib openssl
cd $< && \
./configure \
--prefix=${RELEASE} \
--enable-static-tor \
--with-openssl-dir=${PREFIX} \
--with-libevent-dir=${PREFIX} \
--with-zlib-dir=${PREFIX} \
--disable-asciidoc \
--disable-system-torrc \
--disable-seccomp \
&& $(MAKE) $(MAKEFLAGS) && $(MAKE) install
libevent: libevent-${LIBEVENT_VER}
cd $< && \
./configure --prefix=${PREFIX} --enable-shared=no && \
$(MAKE) $(MAKEFLAGS) && $(MAKE) install
openssl: OpenSSL_${OPENSSL_VER}
cd $< && \
./config no-shared no-dso no-zlib --prefix=${PREFIX} && \
$(MAKE) depend && $(MAKE) $(MAKEFLAGS) && $(MAKE) install_sw
zlib: zlib-${ZLIB_VER}
cd $< && \
./configure --prefix=${PREFIX} --static && \
$(MAKE) $(MAKEFLAGS) && $(MAKE) install
## Download and extract source if required
tor-${TOR_VER}:
wget -qO- ${TOR}$@.tar.gz | \
bsdtar xzf -
libevent-${LIBEVENT_VER}:
wget -qO- ${LIBEVENT}/release-${LIBEVENT_VER}/$@.tar.gz | \
bsdtar xzf -
OpenSSL_${OPENSSL_VER}:
wget -qO- ${OPENSSL}/$@.tar.gz | \
bsdtar xzf -
mv openssl-$@ $@
zlib-${ZLIB_VER}:
wget -qO- ${ZLIB}/$@.tar.gz | \
bsdtar xzf -
```
**Trac**:
**Username**: thymbahutymbahttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/32439tor can't bootstrap with obfs4 bridge and skewed clock2022-06-22T07:35:54Zintrigeritor can't bootstrap with obfs4 bridge and skewed clockEnvironment: Debian unstable, Tor Browser 9.0.1, system clock set 2h in the future.
Observed behavior: Tor Launcher says "Connected to bridge" but the progress bar is stuck at a very low percentage. After a while, the "Copy Tor Log To C...Environment: Debian unstable, Tor Browser 9.0.1, system clock set 2h in the future.
Observed behavior: Tor Launcher says "Connected to bridge" but the progress bar is stuck at a very low percentage. After a while, the "Copy Tor Log To Clipboard" button appears.
Impact: Tails users whose hardware clock is set to local time, in a timezone that's not close enough to UTC, cannot use obfs4 bridges. Unfortunately, that's quite common, because:
* Windows sets the hardware clock to local time by default (as opposed to Unix systems, that tend to assume the hardware clock is in UTC)
* many places where one needs obfs4 to use Tor are 4-7 hours ahead of UTC
* Tails can't guess whether the hardware clock is set to UTC time or to local time; it assumes it's UTC time
Corresponding tor log (actual obfs4 bridges IP & port redacted):
```
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] Switching to guard context "bridges" (was using "default")
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/9/19, 16:39:11.903 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/9/19, 16:39:11.903 [NOTICE] Renaming old configuration file to "/home/toto/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
11/9/19, 16:39:12.885 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/9/19, 16:39:12.887 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/9/19, 16:40:06.330 [WARN] Proxy Client: unable to connect to $IP1:$PORT1 ("general SOCKS server failure")
11/9/19, 16:40:12.957 [WARN] Proxy Client: unable to connect to $IP2:$PORT2 ("general SOCKS server failure")
11/9/19, 16:40:13.120 [WARN] Proxy Client: unable to connect to $IP3:$PORT3 ("general SOCKS server failure")
11/9/19, 16:41:10.165 [WARN] Proxy Client: unable to connect to $IP1:$PORT1 ("general SOCKS server failure")
11/9/19, 16:41:14.240 [WARN] Proxy Client: unable to connect to $IP2:$PORT2 ("general SOCKS server failure")
11/9/19, 16:41:20.420 [WARN] Proxy Client: unable to connect to $IP3:$PORT3 ("general SOCKS server failure")
```https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/32047Sharing Keys Through HTML?2021-06-17T14:23:19ZTracSharing Keys Through HTML?If you read how RSA works, it is obvious that decrypting something that is not meant to be decrypted still works to get random digits that are similar length. Here, an idea would be to hide some random digits in HTML, for example into th...If you read how RSA works, it is obvious that decrypting something that is not meant to be decrypted still works to get random digits that are similar length. Here, an idea would be to hide some random digits in HTML, for example into the first hundred colors in <style> or counting the number of letters inside the first fifty <p>s. These are numerical fields inside HTML that could have a string, encrypted by a Preshared RSA key (people know both the private and public key), put into it to be hidden. People will then decrypt that to get a public key to do the key sharing. While the censor cannot distinguish a regular HTML and a keysharing HTML because decrypting any regular HTML also gets you a salted public key, because both look like nothing. This is weak on its own because the censor could easily try to decrypt anything with the gotten key that originates from the requesting address, and if it works it is a tor connection, but at the same time, with two different connections originating from different addresses (could be two connections to WiFi to get different port forwarding), it is difficult for the censor to check every single connection against each HTML file for the key across the same public IP. I believe that obfs4 has this problem with the keysharing which reveals that it is a obfs4 connection.
**Trac**:
**Username**: Aphrodites1995https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/31719obfs4proxy should be more helpful if state file is empty2021-06-17T14:23:19ZPhilipp Winterphw@torproject.orgobfs4proxy should be more helpful if state file is emptyWe had a user on IRC who ran into the following error message:
```
[warn] Server managed proxy encountered a method error. (obfs4 failed to load statefile '/var/db/tor/pt_state/obfs4_state.json': unexpected end of JSON input)
```
It turn...We had a user on IRC who ran into the following error message:
```
[warn] Server managed proxy encountered a method error. (obfs4 failed to load statefile '/var/db/tor/pt_state/obfs4_state.json': unexpected end of JSON input)
```
It turns out that the user's state file was empty. Removing the state file and then having obfs4proxy re-create it fixed the problem. Obfs4proxy should realise that the state file is empty (was opposed to corrupt) and either re-create it itself or advise the user to delete it and try again.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/31153Create a "tor-bridge" Debian meta package2022-04-07T16:13:19ZPhilipp Winterphw@torproject.orgCreate a "tor-bridge" Debian meta packageInstalling an obfs4 bridge on Debian currently requires installing tor, obfs4proxy, and then figuring out how to configure it. We could create a meta package, say tor-bridge, that simplifies this process. This package would:
* Ship with...Installing an obfs4 bridge on Debian currently requires installing tor, obfs4proxy, and then figuring out how to configure it. We could create a meta package, say tor-bridge, that simplifies this process. This package would:
* Ship with a script that automatically determines a free and random OR and obfs4 port.
* Help us retire a transport by replacing, say, obfs4 with obfs5.
* Ship with a tool that helps operators get their bridge line.
* Write its torrc to a different file than the tor package, to be compliant with Debian policy.
* After installation, ask the operator about their nickname, contact info, and if they want a vanilla or obfs4 bridge.
* Maybe ship with [nyx](https://nyx.torproject.org) so operators have a sense of how their bridge is doing.
I hear that infinity0 already thought about this problem a lot in the context of tor-bridge-helper.