I think is a nice idea, but realistically we are not going to do this any time soon. And it might make sense to put our effort on improving our logcollector and make more use of those stadistics.
Let's close this issue.
As of June 2019, BridgeDB distributes bridges over HTTPS, email, and moat. We should find out which ones of these three distribution channels censors can break by injecting test bridges into all of them, and monitoring for how long these bridges continue to be reachable. For now, we should focus on China.
BridgeDistribution
tor option to tell BridgeDB how they choose to be distributed.AssumeReachable
to rule out the possibility that the censor found the bridge by discovering its ORPort somehow.We probably want more than one bridge per distribution channel. For example, if our HTTPS bridge becomes blocked, we don't know for sure that the GFW is able to enumerate a large fraction of the HTTPS pool. Theoretically, a GFW engineer could have gotten the bridge after a single request to bridges.torproject.org. The more bridges we have, the more confident can we be in our results.
Also, we should understand how BridgeDB maintains its sub-hashrings per distribution channel.
There has being a big drop on obfs4 users in china:
Can it be that china has started scrapping our Settings bridges and the "connect assist" users have stop being able to use it?
Some possible approaches to investigate that:
Yes, this is solved and dynamic bridges are on the settings pool now.
@meskio can we close this ticket?
Removing this issue from Sponsor 96's project that ends on March 31st.
@meskio can we close this ticket?
A kind of censorship is observed in some regions within China that redirect web pages to a webpage showing an "Anti-Fraud" message. For China Unicom users, the redirection target is https://web.archive.org/web/20220111095544/http://39.102.194.95/ [Archived]. For China Telecom users, the redirection target is https://web.archive.org/web/20220109142919/http://182.43.124.6/ [Archived].
To find relevant records from OONI telemetry data, the following script can be used on dumped jsonl data. The output of this script is attached.
#!/usr/bin/env bash
find . -type f | while IFS= read -r line
do
gzip -d -c $line |grep 39.102.194.95
gzip -d -c $line |grep 182.43.124.6
done
Based on telemetry data, this censorship is first observed on 2021-12-23 19:24:04 and is still present.
Following websites from the OONI test suite is recorded to be impacted by this censorship. It is worth noting that these websites are not considered under censorship in other regions as indicated by China Firewall Test. The number prepend the URL is the number of reports.
18 http://www.arabrenewal.com/
20 http://www.ilhr.org/
16 http://www.jdl.org/
1 http://www.moderndrunkardmagazine.com/
This censorship is observed in following ASNs. The number prepend the ASN number is the number of reports from that ASN.
4 AS134773
1 AS17622
42 AS17962
2 AS4134
4 AS4808
2 AS4837
The URL users are forwarded to:
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYNnVEaamsCa99tIenxHG1Z7Bue9KnCzdQShE4Cv+25BB5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY3lGI4+P2yUVYnaPx+M8XZddOiOsxhdHhTox+k4emnXpE+BkEUiKMz0S924s/CH7ys6CHMHWgVC5yjyodAIRgSBggRJ6f2A0i496Uq4ZFAd0LnhNCmnnnnI6lEFpxDfiI/h4EmGOaGbmKoNFVFQ5ko4=
http://182.43.124.6/fzyujing/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYNnVEaamsCa99tIenxHG1ZzJE8KQ0kxSxhT+3cKPVP1p5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY3lGI4+P2yUVYnaPx+M8XZcHiCwzIHvtVd0w35S9BEluDZ/tVJu/w4OYxG1BArBV5OPVflbT35AnOTzXerwyZBZsfUap3NQuvWeBvs3/i3bhPYD45T+/M7oLeMRfsWiwQbKgXR9zLqa35vM1ZoNJgIk=
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYNnVEaamsCa99tIenxHG1ZzJE8KQ0kxSxhT+3cKPVP1p5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY3lGI4+P2yUVYnaPx+M8XZcHiCwzIHvtVd0w35S9BEluDZ/tVJu/w4OYxG1BArBV5OPVflbT35AnOTzXerwyZBZsfUap3NQuvWeBvs3/i3bhPYD45T+/M7oLeMRfsWiwQbKgXR9zLqa35vM1ZoNJgIk=
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPUESQ8Nik1KSlnaQg7XVtkh5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzYzWS5UfZ0mdDqzMVUUYw0vSyVf+T5oHqzGdQHds9NaShhbnZDuqZM85Z8i65N8JaUePVflbT35AnOTzXerwyZBb1RF9szhLe25IqWK+oGh2XVuINoJq/mlqY3Nm+TOoBarKgXR9zLqa35vM1ZoNJgIk=
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPY2SWKaaWYfAvYd9lSnNdFN5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY/pLKX476UcMsu1nUIIo99YS6sQQfyIu3q+YF4Tpx4iA2JOiBm9P1haFTb2GjaFieuxS4bHOiCv/9hCa2DUOlYeR7ibbe/DNhbNewxjXNAy+6y+Z6ZvYeAlJ1SlXa+kwTg==
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPZS8e4LuSaaCGb9zdSfPWlJ5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY+3m3EaXvZA2fSo9877ZXTRRQyqyGeXaXJdN4Vvazd+3aYN+FHsXbi6mCzV5tGCuC9NjXqC6U6oIWOt+M5XucvzeYVxl1l6KC/dBWY832K2v9Ey37zzMlZRBksd1Un0oD/S+t4DAOgdPg3iUryOuRPI=
http://182.43.124.6/fzyujing?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPZS8e4LuSaaCGb9zdSfPWlJ5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY+3m3EaXvZA2fSo9877ZXTRRQyqyGeXaXJdN4Vvazd+3DX3sjskjQTEUYd1fqST8E9NjXqC6U6oIWOt+M5Xucvy9NwqpKN9H/hGxmXfiDkqRHcg74DvC9KSiIIHf6sNHY/S+t4DAOgdPg3iUryOuRPI=
http://182.43.124.6/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYNnVEaamsCa99tIenxHG1Z7Bue9KnCzdQShE4Cv+25BB5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY3lGI4+P2yUVYnaPx+M8XZddOiOsxhdHhTox+k4emnXpE+BkEUiKMz0S924s/CH7ys6CHMHWgVC5yjyodAIRgSBggRJ6f2A0i496Uq4ZFAd0LnhNCmnnnnI6lEFpxDfiI/h4EmGOaGbmKoNFVFQ5ko4=
http://182.43.124.6/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPUESQ8Nik1KSlnaQg7XVtkh5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzYzWS5UfZ0mdDqzMVUUYw0vSyVf+T5oHqzGdQHds9NaShhbnZDuqZM85Z8i65N8JaUePVflbT35AnOTzXerwyZBb1RF9szhLe25IqWK+oGh2XVuINoJq/mlqY3Nm+TOoBarKgXR9zLqa35vM1ZoNJgIk=
http://182.43.124.6/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPY2SWKaaWYfAvYd9lSnNdFN5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY/pLKX476UcMsu1nUIIo99YS6sQQfyIu3q+YF4Tpx4iA2JOiBm9P1haFTb2GjaFieuxS4bHOiCv/9hCa2DUOlYeR7ibbe/DNhbNewxjXNAy+6y+Z6ZvYeAlJ1SlXa+kwTg==
http://182.43.124.6/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPZS8e4LuSaaCGb9zdSfPWlJ5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY+3m3EaXvZA2fSo9877ZXTRRQyqyGeXaXJdN4Vvazd+3aYN+FHsXbi6mCzV5tGCuC9NjXqC6U6oIWOt+M5XucvzeYVxl1l6KC/dBWY832K2v9Ey37zzMlZRBksd1Un0oD/S+t4DAOgdPg3iUryOuRPI=
http://182.43.124.6/?parameter=wUgS4UY2HgpR115GfYViaUQpgQr64twCVtgMqpEfRnahjLQR84W1d5EW1pFOM/PYyt2JkBCFTbg3GhFhggQcPZS8e4LuSaaCGb9zdSfPWlJ5qwHRLlr1Mdl93M0T47djplTJzDvXMBGfpUrks2lzY+3m3EaXvZA2fSo9877ZXTRRQyqyGeXaXJdN4Vvazd+3DX3sjskjQTEUYd1fqST8E9NjXqC6U6oIWOt+M5Xucvy9NwqpKN9H/hGxmXfiDkqRHcg74DvC9KSiIIHf6sNHY/S+t4DAOgdPg3iUryOuRPI=
http://39.102.194.95
The fzyujing
in the URL can be interpreted as shortened pinyin.
The page shows
国家反诈中心、 工信部反诈中心、 中国联通/中国电信提示您
State Anti-Fraud Center(Name Translated by Meaning), Ministry of Industry and Information Technology Anti-Fraud Center (Name Translated by Meaning), China Unicom/China Telecom(depending on which page the user land on) would like to advise you that:
您访问的网站/网页存在 诈骗风险 ,请注意个人信息和财产安全
The website/webpage you are visiting have the risk of (committing fraud)(In red and larger font), please be careful in protecting your information and property's safety.
联系电话:010-67825170
Contact phone number: 010-67825170 (This show this phone is a landline from Beijing)
There are 3 QR codes/link on the bottom. The first two links allegedly point to the location to download a smartphone application, the third link pointed to the Ministry of Industry and Information Technology Anti-Fraud Task Force (Name Translated by Meaning) 's Tencent WeChat Channel.
These are unconfirmed rumours about this censorship. These data is not independently verified.
This censorship targets all websites that are not on the allowlist. (Claimed by https://t.me/xhqcankao/2168, unable to verify)
This censorship is conducted by DNS hijacking(claimed by https://t.me/outvivid/3314, not supported by OONI result).
Unverified Video Evidence, archived shows an non-well-known website is redirected to the webpage mentioned. (Claimed by https://t.me/xhqcankao/2168?comment=70585, similar user post: https://hostloc.com/thread-944912-1-1.html, https://hostloc.com/thread-950114-1-1.html, https://hostloc.com/thread-952939-1-1.html, https://hostloc.com/thread-955289-1-1.html, unable to verify)
This censorship is currently observed by Quanzhou, Fujian. (Claimed by multiple sources in text messages, unable to verify)
We didn't receive any new information about this for a while. Let's close it for now.
@shelikhoo can we close this ticket? What are next steps here?