Skip to content

Integrate new pluggable transport: Proteus

💡 Proposal

Proteus is a new pluggable transport, developed by @robgjansen and Ryan Wails, that allows circumvention developers to define and adapt the transport protocol through configuration files, instead of necessitating the deployment of a new bridge and client binaries.

This is a proposal to discuss the integration of Proteus in Tor Browser.

User Story

Many changes in circumvention tools in response to censorship events require us to ship new deployments of the client binary. This requires new Tor Browser releases, which take effort to produce and are themselves subject to censorship. Proteus offers specification language that allows for the adaptation of the transport protocol through sharing relatively small configuration files rather than a full PT binary update.

Additionally, there are limits to the flexibility in existing pluggable transports to circumvent multiple types of censorship. Many PTs provide Bride line options, such as UTLS settings, to tune how the PT behaves for different censorship scenarios, but these variances need to be manually programmed and can result in large code bases.

Proteus specification files are small (see the Appendices of the Proteus paper), and can be shared more easily through the existing distribution methods of rdsys. However, to fully support this adaptable framework, we would need to provide some custom rdsys endpoints and UX/background tasks in the browser to allow updating these specification files rather than the Bridge line. Ideally we would also allow different individual bridges to have their own specification files.

Proteus is fully functional as a command-line transport and implemented in Rust: https://github.com/unblockable/proteus

Security and Privacy Implications

Security

The pluggable transport itself would be similar to existing PTs. It is a standalone binary that runs in a separate process from Tor and Tor Browser.

The additional UX and rdsys endpoints to facilitate updates to specification files are low risk, as we already use rdsys for such updates.

Privacy

Proteus does not contact any third party services.

Accessibility Implications

Other Trade-Offs

Prior Art

Does this feature exist in other browsers?

  • Yes
    • Firefox
    • Firefox ESR
    • Other (please specify)
  • No

Does this feature exist as an extension? If yes, which one provides this functionality?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information