Hi,
This is my monthly status report for work completed in December 2021.
I am developing a framework for deploying obfs4 bridges in public and private clouds using orchestration tools, with the specific use case being that bridges must be easily destroyable and creatable such that if they are blocked in target networks they can be quickly deployed to a new unblocked location.
Between Sponsor 96 and Sponsor 125, there are currently 39 dynamic bridges running. These bridges are distributed either by moat (Sponsor 96) or by Telegram (Sponsor 125). In next month’s update I hope to have some real numbers on the number of users per-country these bridges are supporting though currently there is no easy way to get this information. Some of these bridges are seeing more than 300 average connected users and load balancing may need to be considered once there is more data available.
The initial development focussed on two modules for deploying bridges with Terraform on two cloud providers, one using an Openstack API:
* https://github.com/sr2c/terraform-hcloud-tor-bridge * https://github.com/sr2c/terraform-openstack-tor-bridge
Two new modules have since been added to support the creation of a torrc configuration file natively within Terraform and to generate a ContactInfo string that is compliant with ContactInfo Information Sharing Specification version 2:
* https://github.com/sr2c/terraform-null-torrc * https://github.com/sr2c/terraform-null-contactinfo
Over the winter holiday, we worked to keep our pool of Telegram bridges updated with accessible bridges, deploying new bridges as required and decommissioning old bridges as they are no longer used. Thanks to others I worked with in the Tor team that gave up some of their holiday time to keep the free and open Internet accessible to those that wouldn’t otherwise have access!
This month I plan to generate metrics on the use of these dynamic bridges to inform how many we should be running and provide insight into country-level blocking. The Terraform modules will also continue to see improvements as I move away from the “provisioner” hack and instead use cloud-init to provision the bridges more reliably.
Thanks, Iain.
-- Iain Learmonth (he/him) SR2 Communications Limited Phone: +44 (0)1224 900 202 | Email: irl@sr2.ukmailto:irl@sr2.uk
tor-project@lists.torproject.org