bridges.torproject.org Pluggable Transport configuration warnings
Instructions from !https://bridges.torproject.org/ aren't complete so I tried to write better from the Vidalia help and !https://blog.torproject.org/blog/different-ways-use-bridge
(!https://bridges.torproject.org/) "(here I suggest to add the !https://bridges.torproject.org/?transport=obfs3 link. It would be convenient to provide and highlight the active links from the bottom of the page to here and for all the supported Transports than to let the users to feel lucky with "Specify transport by !name:" form. I suggest to rename the "Looking for obfsproxy bridges?" to specific obfs2) To receive your bridge relay address, please prove you are human
Here is the address you asked for:
x Another way to find public bridge addresses is to send mail to email@example.com with the line "get bridges" in the body of the mail. However, so we can make it harder for an attacker to learn lots of bridge addresses, you must send this request from an email address at one of the following domains:
To use the Bridge address, go to Vidalia's Network settings page, check the "My ISP blocks connections to the Tor network" box and add the bridges, one at a time, to the list.
Configuring more than one bridge address will make your Tor connection more capable of circumvention, in case the Bridge became unreachable, but also more recognizable, in case some bridge you are using became recognized as Tor-specific relay. Tor Project bundles, by default, handshaking through the Internet with all bridges listed in Vidalia's network settings. IT IS SUGGESTED to replace all the default bridges from the list to minimize the probability of recognition as Tor user BEFORE YOU START to use the Pluggable Transport bundles
- Go off-line
- Launch Vidalia (start browser bundle)
- Stop Tor
- Configure the Bridges list
- Restart the Vidalia and Tor (restart browser bundle) or
- Redact the "torrc" before the first launch.
If you are using the Pluggable Transport Bundle for obfuscation rather than for circumvention, so you got trusted Bridge, you should disable Flash proxy bridges from connecting to your browser by deleting the websocket bridge from the Bridges list. Read about default Flash proxy configuration here !https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
Even if your connection to the Tor have already leaked you could still help the new users to obtain their first Bridge address without them contacting the Tor directly.
What is Tor bridge?
"Bridge relays (or "bridges" !https://www.torproject.org/docs/bridges.html.en for short) are the common name for the cutting edge Tor entrance relays(entry nodes?) being developed and running on the diverse Pluggable Transports servers configuration. You could imagine your Pluggable Transport of choice is coursing between your client and the Tor network first by the specialized (possibly hidden or even private) Bridges, then routed by classic Tor to the Internet, and back again.
After you choose and configure the connection method(s) with Pluggable Transports !https://www.torproject.org/docs/pluggable-transports.html.en in your Tor client you should point it to the compatible "bridge". An instance created from any of the current !https://cloud.torproject.org/ images will automatically be a normal bridge, an obfs2 bridge, and an obfs3 bridge. (What do you suggest to use and why?)
Are bridges significantly more secure than TBB direct relays? Should I move to the PTB?
Pluggable Transports have their specific advantages and disadvantages.
The differences to the "direct relays"(basic Tor entry nodes?) are
- Users can customize own connection priorities using Pluggable Transports.
- Relay authority can choose to publish bridge address to the Bridge Authority (a special Tor Project relay collecting all bridge addresses that it receives and providing it to users with interfaces like this page), or to distribute it in any other ways.
- !https://metrics.torproject.org/users.html#bridge-users to !https://metrics.torproject.org/users.html#direct-users
So Pluggable Transports could provide a significantly stronger circumvention and obfuscation abilities but could add to the connection latency so the TBB could be faster for a while"
Please edit, move, just don't throw away all this as I have invested time in this to help the project as much as I can.