Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2023-03-31T07:58:03Zhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/5Allow webextension users to specify how many resources it uses2023-03-31T07:58:03ZCecylia BocovichAllow webextension users to specify how many resources it usesI'm not sure what the default behaviour for webrtc connections is, but we should allow users to throttle or set a bandwidth cap on their connections to avoid over-using their resources.I'm not sure what the default behaviour for webrtc connections is, but we should allow users to throttle or set a bandwidth cap on their connections to avoid over-using their resources.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/7Showing users when there is as WebSocket connection failure.2021-06-17T14:14:12ZHashikDShowing users when there is as WebSocket connection failure.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/10Design for final notification UI.2021-06-17T14:18:46ZHashikDDesign for final notification UI.Making and designing the final notification UI.Making and designing the final notification UI.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/10Probe Snowflake bridge from proxy 1x a day2022-04-05T17:04:55ZCecylia BocovichProbe Snowflake bridge from proxy 1x a dayWe're getting reports that the Snowflake bridge isn't reachable in legacy/trac#33364, but it's taking awhile for volunteers to notice because the probe check only happens once at installation or if you disable/enable the proxy.
Perhaps ...We're getting reports that the Snowflake bridge isn't reachable in legacy/trac#33364, but it's taking awhile for volunteers to notice because the probe check only happens once at installation or if you disable/enable the proxy.
Perhaps we can do the probe check 1x a day (e.g., when we do the stats refresh)?Arlo BreaultArlo Breaulthttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/11localize screenshots on snowflake page2021-06-17T14:19:28ZRoger Dingledinelocalize screenshots on snowflake pagehttps://snowflake.torproject.org/?lang=zh_CN
scroll down to the picture of Tor Browser's network settings. That's an English Tor Browser. Should the Chinese version of the page be showing people using a Tor Browser in Chinese?https://snowflake.torproject.org/?lang=zh_CN
scroll down to the picture of Tor Browser's network settings. That's an English Tor Browser. Should the Chinese version of the page be showing people using a Tor Browser in Chinese?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/16Network checks before allowing the user to start the proxy2021-06-17T14:21:51ZHashikDNetwork checks before allowing the user to start the proxy- NAT check
- WebSocket reachability check- NAT check
- WebSocket reachability checkHashikDHashikDhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/19Make sure browser proxies are terminating connections properly2023-02-04T09:41:52ZCecylia BocovichMake sure browser proxies are terminating connections properlyWe had a user in #tor mention that their snowflake icon is staying green for hours. If this really is a multi-hour browsing session, that's fine. But if it's due to a closed connection that keeps the snowflake out of commission then we s...We had a user in #tor mention that their snowflake icon is staying green for hours. If this really is a multi-hour browsing session, that's fine. But if it's due to a closed connection that keeps the snowflake out of commission then we should look into it.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/31719obfs4proxy should be more helpful if state file is empty2021-06-17T14:23:19ZPhilipp Winterphw@torproject.orgobfs4proxy should be more helpful if state file is emptyWe had a user on IRC who ran into the following error message:
```
[warn] Server managed proxy encountered a method error. (obfs4 failed to load statefile '/var/db/tor/pt_state/obfs4_state.json': unexpected end of JSON input)
```
It turn...We had a user on IRC who ran into the following error message:
```
[warn] Server managed proxy encountered a method error. (obfs4 failed to load statefile '/var/db/tor/pt_state/obfs4_state.json': unexpected end of JSON input)
```
It turns out that the user's state file was empty. Removing the state file and then having obfs4proxy re-create it fixed the problem. Obfs4proxy should realise that the state file is empty (was opposed to corrupt) and either re-create it itself or advise the user to delete it and try again.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/20F-Droid2021-06-17T14:23:56ZrugkF-DroidIt would be great to see this Android app on F-Droid!
[F-Droid](https://f-droid.org/) is an Android app store specifically for free/libre open-source apps. It would be great if your app could be released there, as it is the number one f...It would be great to see this Android app on F-Droid!
[F-Droid](https://f-droid.org/) is an Android app store specifically for free/libre open-source apps. It would be great if your app could be released there, as it is the number one for getting FLOSS Android apps for many people.
F-Droid also builds all apps from source ([optionally even reproducible](https://f-droid.org/en/docs/Reproducible_Builds/)), so downloads from there can be trusted.
The [app developer FAQ](https://f-droid.org/en/docs/FAQ_-_App_Developers/) or [the quick start guide](https://f-droid.org/en/docs/Submitting_to_F-Droid_Quick_Start_Guide/) may help you to get started.
BTW a release on F-Droid could also bring some (more) popularity (in case that is intended), as it will show up in the app (new apps are featured there).
Also checked the Guardian Project F-Droid repository, it's also not there.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/21Assess app readiness for app store2021-06-17T14:23:56ZCecylia BocovichAssess app readiness for app storeThis project is mostly done. We should do a more rigorous assessment of whether it's at the point where we can upload it to app stores. Specifically I want to check the following:
- [ ] Run it on our devices for a few days to make sure t...This project is mostly done. We should do a more rigorous assessment of whether it's at the point where we can upload it to app stores. Specifically I want to check the following:
- [ ] Run it on our devices for a few days to make sure there aren't any bugs
- [ ] Make sure we report the NAT type as restricted since we are not performing an NAT checks yethttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/32047Sharing Keys Through HTML?2021-06-17T14:23:19ZTracSharing Keys Through HTML?If you read how RSA works, it is obvious that decrypting something that is not meant to be decrypted still works to get random digits that are similar length. Here, an idea would be to hide some random digits in HTML, for example into th...If you read how RSA works, it is obvious that decrypting something that is not meant to be decrypted still works to get random digits that are similar length. Here, an idea would be to hide some random digits in HTML, for example into the first hundred colors in <style> or counting the number of letters inside the first fifty <p>s. These are numerical fields inside HTML that could have a string, encrypted by a Preshared RSA key (people know both the private and public key), put into it to be hidden. People will then decrypt that to get a public key to do the key sharing. While the censor cannot distinguish a regular HTML and a keysharing HTML because decrypting any regular HTML also gets you a salted public key, because both look like nothing. This is weak on its own because the censor could easily try to decrypt anything with the gotten key that originates from the requesting address, and if it works it is a tor connection, but at the same time, with two different connections originating from different addresses (could be two connections to WiFi to get different port forwarding), it is difficult for the censor to check every single connection against each HTML file for the key across the same public IP. I believe that obfs4 has this problem with the keysharing which reveals that it is a obfs4 connection.
**Trac**:
**Username**: Aphrodites1995https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-mobile/-/issues/22Localization2021-06-17T14:23:56ZCecylia BocovichLocalizationWe should localize this app. I'm unfamiliar with localization in the Android ecosystem, but we're using a lot of the same strings as the webextension. So if there's an easy way to just include those strings that would be ideal :)We should localize this app. I'm unfamiliar with localization in the Android ecosystem, but we're using a lot of the same strings as the webextension. So if there's an easy way to just include those strings that would be ideal :)https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/12208Make it possible to use an IP address as a front (no DNS request and no SNI)2021-11-08T19:49:21ZDavid Fifielddcf@torproject.orgMake it possible to use an IP address as a front (no DNS request and no SNI)meek puts one domain name on the "outside" of your connection (the DNS request and SNI), and a different name on the "inside" (the HTTP Host header). It would be good for some uses if the outside could be just to an IP address rather tha...meek puts one domain name on the "outside" of your connection (the DNS request and SNI), and a different name on the "inside" (the HTTP Host header). It would be good for some uses if the outside could be just to an IP address rather than a domain name, so that there were no DNS request, and no server_name extension in the CLientHello. Kind of like if you were to browse to https://38.229.72.16/ instead of https://www.torproject.org/.
The motivating use case is using a CDN as a front instead of www.google.com. A CDN has many domains behind it, but if we choose just one of them as the front, that domain might get blocked (because the collateral damage would be limited to just one domain). Such blocking would break the transport and also incidentally get the innocent third-party domain, who has nothing to do with any of this, censored even for non-circumventors. What we want is to use one of the CDN's frontend IP addresses as a front, so that the censor has to block the whole IP and the thousands of domains behind it, not just a single domain.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/33461Multiarch docker obfs4 bridge2021-06-17T14:23:19ZTracMultiarch docker obfs4 bridgeHaving more images enables the bridge operators to directly pull an image instead of modifying the Dockerfile and consequently building that image. For example, the supported architectures can be x86_64, aarch64 and arm.
In order to do s...Having more images enables the bridge operators to directly pull an image instead of modifying the Dockerfile and consequently building that image. For example, the supported architectures can be x86_64, aarch64 and arm.
In order to do so we can have multiple `Dockerfile.arch` where is used https://github.com/multiarch/qemu-user-static in order to build such image.
For example in the Dockerfile.arm file the content should be something like:
```
# Base docker image
FROM multiarch/qemu-user-static:x86_64-arm as qemu
FROM arm32v7/debian:buster-slim
COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin
# Install remaining dependencies.
RUN apt-get update && apt-get install -y \
tor \
tor-geoipdb \
obfs4proxy \
libcap2-bin \
--no-install-recommends
# Allow obfs4proxy to bind to ports < 1024.
RUN setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
RUN setcap cap_net_bind_service=+ep /usr/bin/tor
# Our torrc is generated at run-time by the script start-tor.sh.
RUN rm /etc/tor/torrc
RUN chown debian-tor:debian-tor /etc/tor
RUN chown debian-tor:debian-tor /var/log/tor
COPY start-tor.sh /usr/local/bin
RUN chmod 0755 /usr/local/bin/start-tor.sh
COPY get-bridge-line /usr/local/bin
RUN chmod 0755 /usr/local/bin/get-bridge-line
USER debian-tor
CMD [ "/usr/local/bin/start-tor.sh" ]
```
**Trac**:
**Username**: thymbahutymbahttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/33560Settings immediately after install2021-06-17T14:23:19ZTracSettings immediately after install3/9/20, 04:33:18.780 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/9/20, 04:33:19.122 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
3/9/20, 04:33:19.336 [NOTICE] Bootstrapped 15% (handshake_done): Handsh...3/9/20, 04:33:18.780 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
3/9/20, 04:33:19.122 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
3/9/20, 04:33:19.336 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
3/9/20, 04:33:19.337 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
3/9/20, 04:33:19.338 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
3/9/20, 04:33:19.340 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
3/9/20, 04:33:20.168 [NOTICE] Bootstrapped 100% (done): Done
3/9/20, 04:33:21.105 [NOTICE] New control connection opened from 127.0.0.1.
3/9/20, 04:33:21.354 [NOTICE] New control connection opened from 127.0.0.1.
3/9/20, 04:34:59.416 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:34:59.416 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:34:59.417 [WARN] Failed to start process: (null)
3/9/20, 04:34:59.417 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:34:59.417 [NOTICE] Switching to guard context "bridges" (was using "default")
3/9/20, 04:34:59.504 [NOTICE] Delaying directory fetches: No running bridges
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:34:59.504 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.507 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.508 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:00.509 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:01.511 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:01.511 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:02.523 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:02.523 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:03.529 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:03.529 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:04.542 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:04.543 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:05.546 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:06.556 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:06.556 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.582 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.583 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:07.584 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:08.567 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:09.575 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:09.576 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:11.593 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:12.611 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:14.621 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:15.635 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:16.645 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:17.648 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:18.660 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:19.672 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:22.546 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:35:22.547 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:35:22.547 [WARN] Failed to start process: (null)
3/9/20, 04:35:22.548 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:22.760 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:23.767 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:24.759 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:24.759 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:25.759 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:25.759 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:26.771 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:26.771 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:27.790 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:27.791 [NOTICE] Bridge at '5.2.75.181:9785' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:28.775 [NOTICE] Bridge at '217.12.199.130:42367' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:28.775 [NOTICE] Bridge at '96.41.145.139:42260' isn't reachable by our firewall policy. Asking bridge authority instead.
3/9/20, 04:35:29.290 [WARN] CreateProcessA() failed: The system cannot find the file specified.
3/9/20, 04:35:29.290 [WARN] Pluggable Transport process terminated with status code 0
3/9/20, 04:35:29.290 [WARN] Failed to start process: (null)
3/9/20, 04:35:29.300 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4proxy.exe' failed at launch.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:29.761 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '217.12.199.130:42367' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '5.2.75.181:9785' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
3/9/20, 04:35:30.763 [WARN] We were supposed to connect to bridge '96.41.145.139:42260' using pluggable transport 'obfs4', but we can't find a pluggable transport proxy supporting 'obfs4'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
**Trac**:
**Username**: KatBloodgoodhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/32439tor can't bootstrap with obfs4 bridge and skewed clock2022-06-22T07:35:54Zintrigeritor can't bootstrap with obfs4 bridge and skewed clockEnvironment: Debian unstable, Tor Browser 9.0.1, system clock set 2h in the future.
Observed behavior: Tor Launcher says "Connected to bridge" but the progress bar is stuck at a very low percentage. After a while, the "Copy Tor Log To C...Environment: Debian unstable, Tor Browser 9.0.1, system clock set 2h in the future.
Observed behavior: Tor Launcher says "Connected to bridge" but the progress bar is stuck at a very low percentage. After a while, the "Copy Tor Log To Clipboard" button appears.
Impact: Tails users whose hardware clock is set to local time, in a timezone that's not close enough to UTC, cannot use obfs4 bridges. Unfortunately, that's quite common, because:
* Windows sets the hardware clock to local time by default (as opposed to Unix systems, that tend to assume the hardware clock is in UTC)
* many places where one needs obfs4 to use Tor are 4-7 hours ahead of UTC
* Tails can't guess whether the hardware clock is set to UTC time or to local time; it assumes it's UTC time
Corresponding tor log (actual obfs4 bridges IP & port redacted):
```
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] Switching to guard context "bridges" (was using "default")
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
11/9/19, 16:39:11.903 [NOTICE] Opening Socks listener on 127.0.0.1:9150
11/9/19, 16:39:11.903 [NOTICE] Opened Socks listener on 127.0.0.1:9150
11/9/19, 16:39:11.903 [NOTICE] Renaming old configuration file to "/home/toto/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1"
11/9/19, 16:39:12.885 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
11/9/19, 16:39:12.887 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
11/9/19, 16:40:06.330 [WARN] Proxy Client: unable to connect to $IP1:$PORT1 ("general SOCKS server failure")
11/9/19, 16:40:12.957 [WARN] Proxy Client: unable to connect to $IP2:$PORT2 ("general SOCKS server failure")
11/9/19, 16:40:13.120 [WARN] Proxy Client: unable to connect to $IP3:$PORT3 ("general SOCKS server failure")
11/9/19, 16:41:10.165 [WARN] Proxy Client: unable to connect to $IP1:$PORT1 ("general SOCKS server failure")
11/9/19, 16:41:14.240 [WARN] Proxy Client: unable to connect to $IP2:$PORT2 ("general SOCKS server failure")
11/9/19, 16:41:20.420 [WARN] Proxy Client: unable to connect to $IP3:$PORT3 ("general SOCKS server failure")
```https://gitlab.torproject.org/tpo/anti-censorship/docker-obfs4-bridge/-/issues/3Make obfs4 Docker image support private bridges2021-10-25T18:55:11ZPhilipp Winterphw@torproject.orgMake obfs4 Docker image support private bridgesFor legacy/trac#28526 it would be helpful if one could configure an obfs4 Docker container to be private. We could simply add a new environment variable, say `PRIVATE_BRIDGE`, which controls whether the container sets `BridgeDistribution...For legacy/trac#28526 it would be helpful if one could configure an obfs4 Docker container to be private. We could simply add a new environment variable, say `PRIVATE_BRIDGE`, which controls whether the container sets `BridgeDistribution none` in its torrc or not.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40022Recruit potential default bridges from set of long-running bridges2021-09-10T17:40:33ZPhilipp Winterphw@torproject.orgRecruit potential default bridges from set of long-running bridgesWe would like to set up more default bridges. One way to recruit more is to look for non-default bridges that have 1) high capacity, 2) have been around for a long time, and 3) have a stable uptime. Ideally, we should also know the perso...We would like to set up more default bridges. One way to recruit more is to look for non-default bridges that have 1) high capacity, 2) have been around for a long time, and 3) have a stable uptime. Ideally, we should also know the person who runs the bridge, as stated in our [list of criteria](https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges#Addingnewdefaultbridges) for setting up a new default bridges.
Let's have a look at archived bridge data and extract a list of default bridge candidates.https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/20348Allot Communications blocking of vanilla Tor, obfs4, and meek in Kazakhstan, ...2021-11-23T21:31:20ZDavid Fifielddcf@torproject.orgAllot Communications blocking of vanilla Tor, obfs4, and meek in Kazakhstan, starting 2016-06At the beginning of June 2016, direct users in Kazakhstan fell, while bridge users simultaneously rose. Thereafter, bridge users slowly declined.
![uploads/userstats-relay-country-kz-2016-01-01-2016-10-12-off.png](/uploads/4dfb73bb7d22a...At the beginning of June 2016, direct users in Kazakhstan fell, while bridge users simultaneously rose. Thereafter, bridge users slowly declined.
![uploads/userstats-relay-country-kz-2016-01-01-2016-10-12-off.png](/uploads/4dfb73bb7d22a7a4af00d58a7223c059/userstats-relay-country-kz-2016-01-01-2016-10-12-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-01-01&end=2016-10-12&country=kz&events=off)
![uploads/userstats-bridge-country-kz-2016-01-01-2016-10-12.png](/uploads/be128377875ddd0f8babd1ea7aa0c244/userstats-bridge-country-kz-2016-01-01-2016-10-12.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-01-01&end=2016-10-12&country=kz)<br>
The mainly used transport was obfs4.
![uploads/userstats-bridge-combined-kz-2016-01-01-2016-10-12.png](/uploads/b6cd48219d671236115edb407fbf37bb/userstats-bridge-combined-kz-2016-01-01-2016-10-12.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-01-01&end=2016-10-12&country=kz)
The dip in bridge users during September was likely not related to anything happening in Kazakhstan, but is an artifact of the changeover of bridge authorities. See https://lists.torproject.org/pipermail/metrics-team/2016-September/000217.html.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/meek/-/issues/12774"Firefox is already running" when you select meek after bootstrapping2021-11-08T19:49:21ZDavid Fifielddcf@torproject.org"Firefox is already running" when you select meek after bootstrapping1.Let Tor Browser bootstrap without any pluggable transports.
2. Open Network Settings and choose meek.
An alert appears:
Firefox is already running, but is not responding. To open a new window, you must first close the existing Fire...1.Let Tor Browser bootstrap without any pluggable transports.
2. Open Network Settings and choose meek.
An alert appears:
Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.
After that you can't browse. But closing the browser and allowing it to bootstrap from scratch again (with meek) works.
Tested on 3.6.3-meek-1 and on a build of the 4.0-alpha-1 branch.David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.org