A while back I wrote about a pluggable transport called meek that routes your traffic through a third-party web service in a way that should be difficult to block. There are now experimental bundles featuring this transport, ready for somewhat wider testing. Please try:
https://people.torproject.org/~dcf/pt-bundle/3.5.4-meek-1/
The files are signed with my key 0xC11F6276 from: https://www.torproject.org/docs/signing-keys https://www.bamsoftware.com/david/david.asc
You don't have to do anything in the configuration. Just click "Connect". What you'll see, if you look at your network traffic, is a lot of HTTPS requests to www.google.com. (And no connections to any Tor bridge, nor anything speaking the Tor protocol.) Behind the scenes, Google is passing the requests on to our web app, which then forwards them to a Tor bridge. More on how the whole system works is at https://trac.torproject.org/projects/tor/wiki/doc/meek.
Another thing to know is that starting the browser will run a second, headless instance of Firefox. The second browser is used as a tool for making HTTPS requests. It's the same Firefox binary used by Tor Browser (so it doesn't increase the size of the bundles), but it has a special configuration and an extension that allows it to access the network directly. When you're using meek, this browser extension is in fact the only thing that touches the network, but you never interact with it directly--it only takes orders from the client transport plugin. We do it this way so that the HTTPS requests look like they come from a browser, and are not fingerprintable as coming from some custom SSL program. The second browser should be completely invisible to you--except on OS X, where it creates a second dock icon (this is bug #11429).
These bundles are experimental and you shouldn't use them to replace your main browser just yet. We're most interested in hearing about what didn't work for you or what was surprising. I'll write another post about code review and other things that need to happen before you'll see meek in a mainline bundle.
David Fifield
There are a lot of components that make up the meek transport. There is the client and server, and then there is the middle part that runs on App Engine, and the browser extension that ensures we are speaking HTTPS the right way. I'm working towards deploying the transport, and to that end I'd like to encourage code review. This is your chance to get in on the ground floor of a new transport!
The purpose of review is to find bugs. Yawning found one already in the server component (the server didn't put a time limit on handling requests). Even comments such as "it's not clear what this part of the code is doing" are useful, because those parts of the code can hide bugs.
The following are, in my opinion, the files most in need of review. Most of them are under 350 lines, so they shouldn't be too hard to get into. The languages used are JavaScript for the browser extensions and Go for everything else. The overall information flow is tor ↔ meek-client ↔ extension ↔ reflector ↔ meek-server ↔ tor Also look at https://trac.torproject.org/projects/tor/wiki/doc/meek#Overview to get a feel for precisely what packets get sent.
Client plugin (meek-client) https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/meek-... https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/meek-...
Server plugin (meek-server) https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/meek-...
Reflector (the part that runs on App Engine) https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/appen...
Firefox extension (#11183) https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/firef... https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/blob/refs/head...
Chrome extension (#11393) (Not currently part of the bundle, but you can run it manually.) https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/chrom... https://gitweb.torproject.org/pluggable-transports/meek.git/blob/HEAD:/chrom...
Browser bundle packaging (#10935) https://gitweb.torproject.org/user/dcf/tor-browser-bundle.git/commitdiff/tbb...
David Fifield
-
David Fifield