Hello, I am a Tor Browser user in China. Currently, many obfs4 bridges are blocked by China's firewall.
*Hello, I am a Tor Browser user in China. Currently, many obfs4 bridges are blocked by China's firewall. When will SkypeMorph Pluggable Transports and Dust Pluggable Transports be deployed in Tor Browser? There are no directory servers in I2P network. Can Tor learn from I2P? If Tor user have to access directory servers by bridges, I feel that Tor will be easily blocked by China's firewall. Can Tor no longer use directory servers in future? Since 2010 China's firewall has blocked all of the IP addresses of Tor directory servers. Thank you very much for your help. I really appreciate it. All the best with your work. Good luck in all that you will achieve.*
On Thu, Oct 01, 2015 at 08:55:33PM +0800, Li Xiaodong wrote:
Hello, I am a Tor Browser user in China. Currently, many obfs4 bridges are blocked by China's firewall. When will SkypeMorph Pluggable Transports and Dust Pluggable Transports be deployed in Tor Browser? There are no directory servers in I2P network. Can Tor learn from I2P? If Tor user have to access directory servers by bridges, I feel that Tor will be easily blocked by China's firewall. Can Tor no longer use directory servers in future? Since 2010 China's firewall has blocked all of the IP addresses of Tor directory servers. Thank you very much for your help. I really appreciate it. All the best with your work. Good luck in all that you will achieve.
Tor does not use directory servers when you are using bridges (including obfs4 bridges). The bridge has a copy of the directory information. Blocking the directory servers does not cause bridges to be blocked. But the IP address of the bridge itself could be blocked. It seems that this is what has happened in your case.
I don't know about a schedule for deploying SkypeMorph and Dust. They may not help in your case anyway. The GFW is probably blocking the IP addresses of your bridges, not detecting the obfs4 protocol itself.
You might have luck with the meek-amazon or meek-azure transports. They are not as likely to have their IP addresses blocked. With a little effort, you can customize it to use domains that you choose.
https://trac.torproject.org/projects/tor/wiki/doc/meek#Quickstart https://program-think.blogspot.com/2014/10/gfw-tor-meek.html http://www.atgfw.org/2015/02/torgfwpk1-meektor.html https://plus.google.com/+GhostAssassin/posts/26zCmDmjYXP
On Thu, 1 Oct 2015 08:26:50 -0700 David Fifield david@bamsoftware.com wrote:
I don't know about a schedule for deploying SkypeMorph and Dust. They may not help in your case anyway. The GFW is probably blocking the IP addresses of your bridges, not detecting the obfs4 protocol itself.
SkypeMorph: Never. (Licensing issues among other things)
Dust: I assume you mean Dust2, the original Dust is not getting deployed. Not sure yet.
[Folding in the 2nd reply]
If you know some details of how I2P resists blocking, please add them to this wiki page: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports
It doesn't do anything special.
The old TCP based protocol (NTCP) is trivially identifiable.
Blocking the more modern UDP protocol (SSU) would require looking for high-entropy UDP or doing statistical attacks IIRC. Active probing is possible if they run a node that's part of the network and obtain enough key material (But, I'd need to look at the floodfill system again to figure out how many nodes for how long is realistically required).
Regards,
-
David Fifield -
Li Xiaodong -
Yawning Angel