Supporting NGOs with private bridges
Inspired by tpo/community/support#28526, this page documents how we can support NGOs with private bridges.
0. Understand the NGO's requirements
To be maximally useful, we need to understand the NGO's requirements. Ask at least the following questions:
- How many users do you have?
- Where are your users located?
- What is your threat model?
- What platforms are your users using? Desktop? Android?
- Can you run your own bridges? Or do you need bridges from us?
1. Point the NGO to Tor Browser download links
The NGO's users are likely subject to censorship and therefore unable to access our official download page. So that they can still download Tor Browser, point the NGO to the GetTor download links, which the NGO can then distribute to its users:
- Internet Archive: https://archive.org/details/@gettor
- Google Drive folder: https://drive.google.com/drive/folders/13CADQTsCwrGsIID09YQbNz2DfRMUoxUU
- GitHub: https://github.com/torproject/torbrowser-releases/releases/
- GitLab: We maintain dedicated repositories for Windows, Linux, and OS X.
These hosting platforms all contain a large and confusing list of download links. To make things easier for the NGO, provide a few specific links for the desired locale: one each for Windows, macOS, and Linux. Also tell the NGO that its users can download their own copy of Tor Browser by emailing firstname.lastname@example.org.
2. Supply the NGO with bridges
There are two options. Whichever option we go with, we should monitor the bridges and take action if any go offline.
2.1 Teach the NGO how to run their own bridges
Point the NGO to our bridge setup guides and tell them to use the following torrc instead, to keep their bridge private:
```
BridgeRelay 1

# Replace "TODO1" with a Tor port of your choice. This port must be externally
# reachable. Avoid port 9001 because it's commonly associated with Tor and
# censors may be scanning the Internet for this port. You can firewall this
# port if your users only connect over obfs4.
ORPort TODO1

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

# Replace "TODO2" with an obfs4 port of your choice. This port must be
# externally reachable and must be different from the one specified for ORPort.
# Avoid port 9001 because it's commonly associated with
# Tor and censors may be scanning the Internet for this port.
ServerTransportListenAddr obfs4 0.0.0.0:TODO2

# Local communication port between Tor and obfs4. Always set this to "auto".
# "Ext" means "extended", not "external". Don't try to set a specific port
# number, nor listen on 0.0.0.0.
ExtORPort auto

# Replace "<firstname.lastname@example.org>" with your email address so we can contact
# you if there are problems with your bridge. This is optional but encouraged.
ContactInfo <firstname.lastname@example.org>

# Pick a nickname that you like for your bridge. This is optional.
Nickname PickANickname

# Tell BridgeDB to not distribute the bridge, so it remains private.
BridgeDistribution none

# Don't self-test, to minimise exposure.
AssumeReachable 1
```
Tell the NGO that they may also want to firewall their bridges' OR port (as long as tpo/core/tor#7349 remains a problem). Mention that we are happy to help them test their bridges, to make sure that everything is configured correctly.
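When helping an NGO test a bridge, one quick first step is to lint the torrc they send back against the settings required above. The following is an added example, not part of the original page or any Tor Project tooling; the function names, the ports 8443 and 4430, and both sample configs are constructed for illustration.

```python
# Added example: lint a private-bridge torrc against the settings this page asks for.
# Function names and both sample configs are constructed for illustration.

def parse_torrc(text):
    """Return {lowercased option: [values]}; comments and blank lines are dropped."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def port_of(value):
    """Port from 'PORT' or 'ADDR:PORT'; None if missing or still a TODO placeholder."""
    fields = value.split()
    port = fields[0].rsplit(":", 1)[-1] if fields else ""
    return int(port) if port.isdigit() else None

def check_private_bridge_torrc(text):
    o, problems = parse_torrc(text), []
    last = lambda key: o.get(key, [""])[-1].lower()
    for key, want, why in [
        ("bridgerelay", "1", "BridgeRelay must be 1"),
        ("bridgedistribution", "none", "BridgeDistribution must be none so BridgeDB does not distribute the bridge"),
        ("assumereachable", "1", "AssumeReachable must be 1 to skip the self-test"),
        ("extorport", "auto", "ExtORPort must be auto"),
    ]:
        if last(key) != want:
            problems.append(why)
    or_ports = [port_of(v) for v in o.get("orport", [])]
    obfs4_ports = [port_of(v.split(None, 1)[1]) for v in o.get("servertransportlistenaddr", [])
                   if v.split(None, 1)[0:1] == ["obfs4"] and len(v.split()) > 1]
    if not or_ports or None in or_ports:
        problems.append("ORPort is unset or still a placeholder")
    if not obfs4_ports or None in obfs4_ports:
        problems.append("obfs4 ServerTransportListenAddr is unset or still a placeholder")
    if 9001 in or_ports + obfs4_ports:
        problems.append("port 9001 is commonly associated with Tor")
    if set(or_ports) & set(obfs4_ports) - {None}:
        problems.append("ORPort and the obfs4 port must differ")
    if not any(v.split()[:1] == ["obfs4"] for v in o.get("servertransportplugin", [])):
        problems.append("ServerTransportPlugin for obfs4 is missing")
    return problems

GOOD = "\n".join([  # constructed sample that follows the page's template
    "BridgeRelay 1", "ORPort 8443", "ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy",
    "ServerTransportListenAddr obfs4 0.0.0.0:4430", "ExtORPort auto",
    "BridgeDistribution none", "AssumeReachable 1"])
BAD = "BridgeRelay 1\nORPort 9001\nServerTransportListenAddr obfs4 0.0.0.0:TODO2\nExtORPort auto\n"
```

`check_private_bridge_torrc(GOOD)` returns an empty list, while `BAD` is flagged for the missing `BridgeDistribution none` and `AssumeReachable 1`, the leftover `TODO2` placeholder, port 9001, and the missing obfs4 plugin line.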
2.2 Supply the NGO with bridges
We work closely with volunteers who maintain a pool of reliable and fast obfs4 bridges in various data centres around the world. We can take a subset of these bridges and send them to an NGO for private distribution. Keep track of which bridge was sent to which NGO.