A while back I wrote about a pluggable transport called meek that routes your traffic through a third-party web service in a way that should be difficult to block. There are now experimental bundles featuring this transport, ready for somewhat wider testing. Please try:
https://people.torproject.org/~dcf/pt-bundle/3.5.4-meek-1/
The files are signed with my key 0xC11F6276 from: https://www.torproject.org/docs/signing-keys https://www.bamsoftware.com/david/david.asc
You don't have to do anything in the configuration. Just click "Connect". What you'll see, if you look at your network traffic, is a lot of HTTPS requests to www.google.com. (And no connections to any Tor bridge, nor anything speaking the Tor protocol.) Behind the scenes, Google is passing the requests on to our web app, which then forwards them to a Tor bridge. More on how the whole system works is at https://trac.torproject.org/projects/tor/wiki/doc/meek.
Another thing to know is that starting the browser will run a second, headless instance of Firefox. The second browser is used as a tool for making HTTPS requests. It's the same Firefox binary used by Tor Browser (so it doesn't increase the size of the bundles), but it has a special configuration and an extension that allows it to access the network directly. When you're using meek, this browser extension is in fact the only thing that touches the network, but you never interact with it directly--it only takes orders from the client transport plugin. We do it this way so that the HTTPS requests look like they come from a browser, and are not fingerprintable as coming from some custom SSL program. The second browser should be completely invisible to you--except on OS X, where it creates a second dock icon (this is bug #11429).
These bundles are experimental and you shouldn't use them to replace your main browser just yet. We're most interested in hearing about what didn't work for you or what was surprising. I'll write another post about code review and other things that need to happen before you'll see meek in a mainline bundle.
David Fifield