On Tue, Aug 30, 2016 at 03:44:39PM -0700, David Fifield wrote:
On Mon, Aug 15, 2016 at 09:45:05PM -0700, David Fifield wrote:
Lynn Tsai and I just published a report on the blocking of Tor Browser's default obfs4 bridges.
https://www.bamsoftware.com/proxy-probe/
https://www.usenix.org/system/files/conference/foci16/foci16-paper-fifield.p...

One of the things we found is that the Great Firewall of China blocks the default bridges--but it takes a little while after release for them to do it. We saw delays as short as 2 days and as long as 36 days. We also found that when they block a bridge, they don't block the whole IP address; they just block a single port and other ports on the same IP remain accessible.
We can take advantage of these peculiarities by opening additional obfs4 ports on the default bridges, and changing the port numbers on each release. We'd keep the old ports open for people who haven't upgraded yet, but those who upgrade will start using the new ports. This way, we can make the bridges temporarily reachable after each new release--at least until the censors figure out what we're doing and start blocking more aggressively.
The following bridges have each opened up 10 additional obfs4 ports, through which we can begin rotating in the next release:
LeifEricson
GreenBelt
MaBishomarim
JonbesheSabz
Azadi
Lynn just filed a ticket to rotate ports for these 5 bridges, plus Mosaddegh.
https://bugs.torproject.org/20092
The old ports will continue to work.