Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2022-07-20T21:00:54Z

Testing Framework for Censorship Circumvention
https://gitlab.torproject.org/legacy/trac/-/issues/23839
2022-07-20T21:00:54Z
Arthur Edelstein

At [the Montreal meeting](https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Montreal/Notes/OONI-TorBrowserCollaboration), we discussed the possibility of creating an opt-in, embedded testing/telemetry module for Tor Browser that would allow collection of data on connectivity for Tor and for different bridges and pluggable transports. OONI could collate and analyze this data to give a better picture of the per-country bridge connectivity situation. That data could be used to improve Tor Launcher's connection UX, and also help compare different censorship circumvention tools.
This can be a parent ticket for designing and developing such a module.

"Censorship-timeline" for Tor
https://gitlab.torproject.org/legacy/trac/-/issues/6149
2022-07-20T21:00:54Z
Philipp Winter <phw@torproject.org>

It was shortly discussed on #tor-dev that some sort of "censorship-timeline" for Tor would be helpful. In particular, this should provide:
* Detailed technical analyses of the censorship mechanisms in place (DPI fingerprints and manufacturers, traceroutes, ...)
* Code and data to reproduce all experiments
* Tor patches and standalone tools to evade the censorship devices
After all, this timeline should serve as a comprehensive archive for all people interested in how Tor is getting blocked. It should make it easy to answer questions such as _"What happened to Tor in country X back in Y?"_.
There are also some open questions:
* How should the data be structured? In form of a timeline? Or country based? Something else?
* What data should be published and when? Full disclosure too early in the process helps the censors.
* How should it be presented? In a wiki page or a standalone web site?

Obfsbridges should be able to "disable" their ORPort
https://gitlab.torproject.org/legacy/trac/-/issues/7349
2021-07-29T15:06:00Z
George Kadianakis

In the future, we will want obfsbridges to only expose their obfsports and not their ORPort, otherwise an adversary can launch an active-scanning attack against the ORPort.
We should spec and implement a torrc option that hides the ORPort of obfsbridges.
Maybe it should make the ORPort bind on localhost. But what happens if the transport proxy is not on the same host as the ORPort?
Tor: 0.4.5.x-final

Huge drop of users in UAE
https://gitlab.torproject.org/legacy/trac/-/issues/28898
2021-03-27T04:55:11Z
anadahz

There is a huge [decrease of directly connecting clients from the United Arab Emirates](https://metrics.torproject.org/userstats-relay-country.html?start=2018-09-19&end=2018-12-18&country=ae&events=off):
![userstats-relay-country-ae-2018-09-19-2018-12-18-off.png](uploads/userstats-relay-country-ae-2018-09-19-2018-12-18-off.png)
Is this in any way related to #21345?
David Fifield <dcf@torproject.org>

Allot Communications blocking of vanilla Tor, obfs4, and meek in Kazakhstan, starting 2016-06
https://gitlab.torproject.org/legacy/trac/-/issues/20348
2021-03-27T04:55:11Z
David Fifield <dcf@torproject.org>

At the beginning of June 2016, direct users in Kazakhstan fell, while bridge users simultaneously rose. Thereafter, bridge users slowly declined.
![userstats-relay-country-kz-2016-01-01-2016-10-12-off.png](uploads/userstats-relay-country-kz-2016-01-01-2016-10-12-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-01-01&end=2016-10-12&country=kz&events=off)
![userstats-bridge-country-kz-2016-01-01-2016-10-12.png](uploads/userstats-bridge-country-kz-2016-01-01-2016-10-12.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-01-01&end=2016-10-12&country=kz)
The mainly used transport was obfs4.
![userstats-bridge-combined-kz-2016-01-01-2016-10-12.png](uploads/userstats-bridge-combined-kz-2016-01-01-2016-10-12.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-01-01&end=2016-10-12&country=kz)
The dip in bridge users during September was likely not related to anything happening in Kazakhstan, but is an artifact of the changeover of bridge authorities. See https://lists.torproject.org/pipermail/metrics-team/2016-September/000217.html.

Tor blocked in UAE
https://gitlab.torproject.org/legacy/trac/-/issues/25137
2021-03-27T04:55:11Z
Trac

On 1 Jan, I was unable to connect to a site I often use with Tor. It got 75% loaded and stopped. After 2 hours, I figured out the UAE had started blocking Tor, and switched to obfs4. This worked until today at midnight. So I switched to meek, which worked. I connected to one yahoo mail account, finished, closed Tor before switching to my other yahoo mail account (I don't want yahoo to know they're both me). Tor only loaded 25%. It downloaded the network consensus, but could not load the network consensus. I closed Tor and tried meek-Amazon and meek-azure, but always, Tor could not load the network consensus. So I switched to Openvpn, and was able to use Tor in normal mode, without a bridge. (Of course, I had to reset my computer clock to match the VPN address). Does anyone know how the UAE is blocking Tor so that it cannot load the network status, and what I can do about it (in case they figure out how to block Openvpn)?
**Trac**:
**Username**: mwolfe
David Fifield <dcf@torproject.org>

Turkey blocking of direct connections, 2016-12-12
https://gitlab.torproject.org/legacy/trac/-/issues/21014
2021-03-27T04:55:11Z
Nima Fatemi

Turkey Blocks article: https://turkeyblocks.org/2016/12/18/tor-blocked-in-turkey-vpn-ban/
After getting some reports on twitter about Tor being blocked in Turkey and some chat on IRC, <bypassemall> aka <trdpi> aka <kzdpi> ran some tests and found some interesting information about how Turkey is blocking vanilla Tor connections. I paste their findings here:
```
16:48 < trdpi> 10 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE
16:48 < trdpi> after less than 10 seconds
...
16:55 < trdpi> this isp injects rst it seems
16:56 < trdpi> to both side, as i got 2 rst one legit and 2 not
16:57 < mrphs> oh apparently today is an special day in turkey
...
17:00 < trdpi> telneting to or port, no rsts. it triggered by something more than ip:port connection
17:01 < trdpi> yay, window trick for split req works for tr
17:02 < trdpi> magic tool allows to bypass vanilla tor censorship
17:04 < trdpi> so it's about ciphersuits or something
17:07 < trdpi> it's like kz, but obfs4 works
17:07 < trdpi> and kz do not rsts
17:07 < trdpi> it controlls connection
17:07 < trdpi> and tr like do not controlls and to inject fraud only
```

Obfs4 stopped working 16 Sept 18
https://gitlab.torproject.org/legacy/trac/-/issues/27723
2021-03-27T04:55:11Z
Trac

I was using obfs4 on 15 Sept 18, but shortly after midnight, it stopped working, and I'm using azure. I assume that's the only thing that works when obfs4 fails.
**Trac**:
**Username**: mwolfe
David Fifield <dcf@torproject.org>

Implement Bridge Guards and other anti-enumeration defenses
https://gitlab.torproject.org/legacy/trac/-/issues/7144
2020-08-10T13:46:33Z
Karsten Loesing

[Proposal 188](https://gitweb.torproject.org/torspec.git/tree/proposals/188-bridge-guards.txt) specifies Bridge Guards and other anti-enumeration defenses. We should implement this proposal.
Tor: unspecified

Script to upload Tor Browser to Github
https://gitlab.torproject.org/legacy/trac/-/issues/14835
2020-06-21T18:05:15Z
Israel Leiva

I have made a preliminary version of a script to upload Tor Browser to GitHub. This should be integrated with the work done in #14744, as it should be run after fetching the latest Tor Browser. After the Tor Browser files have been fetched, this script copies the files to a new directory called VERSION, where VERSION is the version of the latest Tor Browser. Then it commits and pushes the changes to GitHub, all of this done via system calls to git, and with the assumption that a GitHub repository has been previously created and synchronized in the machine that the script is executed. After that, the GitHub API is used to get the links of the files recently pushed and create a links file with that info.
You can check a sample links file [here](https://github.com/ilv/gettor/blob/master/providers/github.links) and the script bundles2github [here](https://github.com/ilv/gettor/blob/master/upload/bundles2github.py). Please note that the uploaded files are plain text, so if you open the links you will only see raw text. A sample link for a binary file can be found [here](https://github.com/ilv/gettor/raw/master/upload/tor-browser-linux32-4.0.2_en-US.tar.xz).
In order to make the git commits and push without problems or user interaction, one should previously create an SSH key and link that key to GitHub. Similarly, to interact with the GitHub API without using basic credentials (user/pass), one should previously create a token in GitHub. For the tests I did a personal access token was enough.
This was done for the purposes of #14114. Reviews welcome!
Israel Leiva

FAQ page (esp connection troubleshooting) should be available offline in TB
https://gitlab.torproject.org/legacy/trac/-/issues/31539
2020-06-16T01:06:49Z
Nima Fatemi

Tor has been once again blocked as of a few hours ago in Iran. And as per usual my DMs and Email have been flooded with questions from censored users not knowing how to get back on the network. This means people still don't know they can use a bridge, or that there are default bridges provided, or that they can perform bridge discovery inside the Tor Browser.
One of the things I've always admired Tails for, is that all of their documentation is available offline inside Tails. We used to do a similar thing. In the old days, there was a short Tor Browser manual. A one page simple html that was served when someone would request TB via GetTor.
I think it won't hurt to load an offline HTML page in case connection fails, and users are confused on what to do next. In my experience, most users don't even know that there are other ways to connect to the Tor network when the direct connection fails.
Additionally, we should consider a scenario that I haven't seen covered by any of the help documents I've read so far and that is when a user has already been connecting to the Tor network directly, but after some time it fails and now they need a bridge.
I'm not sure which component would be the right one for this, considering it involves censorship circumvention, tor browser and tor support. Feel free to move it to the right bucket.

Vanilla Tor Connectivity Issues In Iran -- Directory Authorities Blocked?
https://gitlab.torproject.org/legacy/trac/-/issues/12727
2020-06-15T23:19:23Z
Trac

Social media users and @mttp report that vanilla Tor no longer works.
Confirmed that Tor v0.2.2.35 out of the box fails to progress beyond:
```
Bootstrapped 5%: Connecting to directory server.
```
Same behavior confirmed on v0.2.4.23 built from source.
Fetched random bridge from bridges.tpo and applied to torrc, quickly bootstrapped through bridge and successfully confirmed access through check.tpo.
With stem-listed DAs, wrote python script to check connectivity to DAs based on a simple TCP connect(). For OR port, if successful, the cert sha1 was retrieved.
Connect Test Results for directory authorities:
```
Tonga 82.94.251.203 (OR: 443 , 14:C7:A1:55:82:1C:D4:81:5C:55:8F:25:E5:7F:CF:F0:3E:BF:67:30 ), (Dir: 80 , successful )
turtles 76.73.17.194 (OR: 9090 , timeout ), (Dir: 9030 , timeout )
dizum 194.109.206.212 (OR: 443 , timeout ), (Dir: 80 , timeout )
gabelmoo 212.112.245.170 (OR: 443 , timeout ), (Dir: 80 , timeout )
urras 208.83.223.34 (OR: 80 , timeout ), (Dir: 443 , timeout )
tor26 86.59.21.38 (OR: 443 , timeout ), (Dir: 80 , timeout )
moria1 128.31.0.39 (OR: 9101 , 97:4B:DD:96:D3:21:1F:52:F9:8C:0A:BB:7C:27:3B:19:7F:02:5A:1D ), (Dir: 9131 , successful )
dannenberg 193.23.244.244 (OR: 443 , timeout ), (Dir: 80 , timeout )
Faravahar 154.35.32.5 (OR: 443 , timeout ), (Dir: 80 , timeout )
maatuska 171.25.193.9 (OR: 80 , timeout ), (Dir: 443 , timeout )
```
TCP traceroute to Faravahar dies at the Telecommunications Company of Iran for all TCP ports (ICMP is fine).
```
traceroute to 154.35.32.5 (154.35.32.5), 30 hops max, 60 byte packets
1 [hop-1, responsive]
2 [hop-2, unresponsive]
3 [hop-3, responsive]
4 [hop-4, responsive]
5 78.38.255.100 (78.38.255.100) 1.300 ms 1.127 ms 1.334 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
[...]
```
Taken against the successful ICMP traceroute, the next hop hits 10.10.53.209 then exits Iran through PCCW Global. Based on the TCI's history in past disruptions, that this would occur at the international gateway is unsurprising and indicates that all users on unprivileged networks are likely blocked unless using a bridge.
For posterity, 10.10.53.209 only has one open port, HTTP on 80, which returns the "level 15 access" authentication message indicative that it is a Cisco router.
**Trac**:
**Username**: cda

Growth in bridge users in Iran circa 2018-05-01
https://gitlab.torproject.org/legacy/trac/-/issues/26087
2020-06-13T18:31:19Z
cypherpunks

https://metrics.torproject.org/userstats-bridge-country.html?graph=userstats-bridge-country&country=ir
Seems worth investigating as there are also recent reports of Tor not working in Iran, e.g.: https://blog.torproject.org/comment/275268#comment-275268
David Fifield <dcf@torproject.org>

Increase of users in Ukraine due to block of Russia-based services
https://gitlab.torproject.org/legacy/trac/-/issues/22369
2020-06-13T18:31:15Z
David Fifield <dcf@torproject.org>

There was a large and sudden increase in users from Ukraine, both relay and bridge, on 2017-05-16.
It is probably related to a blockage by Ukraine of some Russia-based sites including VKontakte and Mail.ru:
* https://www.rt.com/business/388502-ukraine-bans-vk-yandex/ ([archive link](https://web.archive.org/web/20170524224004/https://www.rt.com/business/388502-ukraine-bans-vk-yandex/))
Other links:
* [reddit post](https://www.reddit.com/r/TOR/comments/6c9ig1)
* [tor-talk thread](https://lists.torproject.org/pipermail/tor-talk/2017-May/043205.html)
![userstats-relay-country-ua-2017-05-01-2017-07-06-off.png](uploads/userstats-relay-country-ua-2017-05-01-2017-07-06-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2017-05-01&end=2017-07-06&country=ua&events=off)
![userstats-bridge-country-ua-2017-05-01-2017-07-06.png](uploads/userstats-bridge-country-ua-2017-05-01-2017-07-06.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2017-05-01&end=2017-07-06&country=ua&events=off)
![userstats-bridge-combined-ua-2017-05-01-2017-07-06.png](uploads/userstats-bridge-combined-ua-2017-05-01-2017-07-06.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2017-05-01&end=2017-07-06&country=ua&events=off)
There was also a spike in Tor Browser downloads for the en-US and ru locales.
![webstats-tb-locale-2017-05-01-2017-07-06.png](uploads/webstats-tb-locale-2017-05-01-2017-07-06.png) [link](https://metrics.torproject.org/webstats-tb-locale.html?start=2017-05-01&end=2017-07-06)

Blocking of public relays in Belarus, 2016-12-01
https://gitlab.torproject.org/legacy/trac/-/issues/20907
2020-06-13T18:31:10Z
David Fifield <dcf@torproject.org>

Direct users decreased from 5,500 to 3,000 over a few days starting on November 30 or December 1. Bridge users simultaneously increased, from 250 to 2,000.
OONI blog post: [urandom.pcap: Belarus (finally) bans Tor](https://ooni.torproject.org/post/belarus-fries-onion/):
> 1. Tor directory authorities are not blocked
> 2. Public onion routers have their ORPort blocked by TCP RST injection
> 3. The onion routers’ DirPort is not blocked
> 4. Plain-old non-obfuscated Tor Bridges from BridgeDB circumvent the interference
> 5. Beltelecom (or its upstream) has strange configuration of the networking gear injecting reset packets
![userstats-relay-country-by-2016-09-07-2016-12-11-off.png](uploads/userstats-relay-country-by-2016-09-07-2016-12-11-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-09-07&end=2016-12-11&country=by&events=off)
![userstats-bridge-country-by-2016-09-07-2016-12-11.png](uploads/userstats-bridge-country-by-2016-09-07-2016-12-11.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-09-07&end=2016-12-11&country=by)
![userstats-bridge-combined-by-2016-09-07-2016-12-11.png](uploads/userstats-bridge-combined-by-2016-09-07-2016-12-11.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-09-07&end=2016-12-11&country=by)

Block of some direct users in Saudi Arabia, 2016-11-20
https://gitlab.torproject.org/legacy/trac/-/issues/20785
2020-06-13T18:31:09Z
David Fifield <dcf@torproject.org>

On 2016-11-20, the number of direct users dropped from about 8000 to about 5500. There was a simultaneous increase in bridge users (mostly obfs4) from about 500 to over 1200.
One month later, on 2016-12-22, the number of bridge users dropped again, almost back to where it was before.
![userstats-relay-country-sa-2016-08-28-2017-06-01-off.png](uploads/userstats-relay-country-sa-2016-08-28-2017-06-01-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-08-28&end=2017-06-01&country=sa&events=off)
![userstats-bridge-country-sa-2016-08-28-2017-06-01.png](uploads/userstats-bridge-country-sa-2016-08-28-2017-06-01.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-08-28&end=2017-06-01&country=sa)
![userstats-bridge-combined-sa-2016-08-28-2017-06-01.png](uploads/userstats-bridge-combined-sa-2016-08-28-2017-06-01.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2017-06-01&end=2016-11-26&country=sa)

iran has banned tor successfully
https://gitlab.torproject.org/legacy/trac/-/issues/20419
2020-06-13T18:31:07Z
Trac

Using Tor in Iran these days is impossible.
Looks like the gov finally found the way to block all Tor traffic in Iran.
Even bridges are not working.
**Trac**:
**Username**: ufd33

Iran blocking of direct users, 2016-08 and 2016-09
https://gitlab.torproject.org/legacy/trac/-/issues/20216
2020-06-13T18:31:00Z
David Fifield <dcf@torproject.org>

Direct users in Iran dropped from 8,000 to 2,000 between 2016-08-20 and 2016-08-23. The numbers recovered to 4,000, then crashed to 400 on 2016-09-03 and 2016-09-04.
![userstats-relay-country-ir-2016-06-24-2016-09-22-off.png](uploads/userstats-relay-country-ir-2016-06-24-2016-09-22-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-06-24&end=2016-09-22&country=ir&events=off)
_Edit 2016-10-04: the bridge changes below, on further investigation, appear to be unrelated to anything done by Iran._
Looking at bridge users, there is an increase right around 2016-08-20, the time of the first blocking, then an abrupt return to previous levels around 2016-09-03, the time of the second blocking.
![userstats-bridge-country-ir-2016-06-24-2016-09-22.png](uploads/userstats-bridge-country-ir-2016-06-24-2016-09-22.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-06-24&end=2016-09-22&country=ir)
Looking at the graph of bridge users by transport, obfs4 continued working while obfs3 and vanilla were blocked.
![userstats-bridge-combined-ir-2016-06-24-2016-09-22.png](uploads/userstats-bridge-combined-ir-2016-06-24-2016-09-22.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-06-24&end=2016-09-22&country=ir)

Cyberoam blocking connections to Tor
https://gitlab.torproject.org/legacy/trac/-/issues/15198
2020-06-13T18:30:56Z
Jacob Appelbaum

I'm currently in Istanbul, Turkey at a local university. The network blocks connections to the Tor network (using Tails) with a layered approach to censorship, I suspect.
I've tried to configure regular bridges, obfs2,3,scramblesuit PT and direct connections. None appear to function. I am able to ssh out - so I can connect to Tor by binding a local SOCKS proxy and configuring Tor to connect over a SOCKS proxy. That is how I've filed this bug report.
The Cyberoam device is clearly acting as a MITM - it is highly annoying. It is a captive portal, which is easy to bypass with a login/password (ironically, not deployed with https!), after the captive portal, it filters connections by protocol, ip address and port number - I haven't yet fingerprinted the device upstream but I'll add information as I find it.

GFW actively probes obfs2 bridges
https://gitlab.torproject.org/legacy/trac/-/issues/8591
2020-06-13T18:30:53Z
Philipp Winter <phw@torproject.org>

It looks like the GFW is now actively probing obfs2. After hearing rumours yesterday, I wasn't able to reproduce this. Today, however, I got my private obfs2 bridge probed just milliseconds after my own connection from China. I got hit by two random Chinese addresses as we already know it from the Tor probing. After the probing, my obfs2 connection timed out and the SYN/ACK segments from the bridge were dropped when trying to establish a new connection. I could reproduce all of this several times.
I haven't tested obfs3 yet and I suppose we can skip the old looking-for-the-fingerprint game. Depending on what protocols they are trying to detect, they might have to probe several times since it's not clear what's behind all that entropy. It might be obfs2, obfs3 or VPN PSK and perhaps even more protocols.
Philipp Winter <phw@torproject.org>