On Thu, Jun 21, 2018 at 09:16:03AM -0700, David Fifield wrote:
State-owned CANTV is reportedly blocking access to Tor and obfs4.
It's likely that the obfs4 blocking is being effected by IP address blocking of the default obfs4 bridges. My guess is that non-default bridges from bridges.torproject.org will work.
I've been working with a person in #tor for the past few days, to try various configurations. My current best guess is that cantv is blocking by IP address only, and not doing DPI. It is blocking many of the public relay IP addresses, and it is blocking the default (built in to Tor Browser) obfs4 bridges. But obfs4 bridges from bridgedb work, and also vanilla bridges from bridgedb work.
That means it would be worthwhile for the OONI folks to do TCP reachability checks of all of the IP:ports for the Tor fallbackdir list.
And it also means we should consider a new Tor Browser release with a new or different set of Fallbackdirs, in case they don't plan to keep their censorship list up to date.
My thinking is that while people normally have no incentive to use anything but a default bridge, they can learn the skills they need now that there is a reason.
Agreed. Fetching and using vanilla (non obfs4) bridges is a good easy next step, and now is the time for them to learn that in the future there could be a second step in the arms race, and for that step they will need obfs4 bridges or something newer.
--Roger