Dear Tor relay operators,

We're excited to announce WebTunnel, a new bridge pluggable transport (PT) for the Tor ecosystem. It is a censorship-resistant proxy that tries to imitate HTTPS traffic, based on the HTTPT (https://www.usenix.org/conference/foci20/presentation/frolov) research. We are currently operating a trial soft launch for WebTunnel, and encourage bridge operators to set up WebTunnel bridges to discover issues within the implementation of this new pluggable transport.

How it works
------------
When connecting to a WebTunnel bridge, the client sends an HTTP/1.1 upgrade request to the load balancer over an encrypted connection, much as WebSocket does. Thus, from an observer's point of view, this process looks like a real WebSocket connection to the real website. If anyone tries to connect to the fronting website, what they are presented with is that fronting website. Without the full URL including the path, which the censor doesn't know, it is very difficult to tell whether a website hosts a WebTunnel by probing the HTTPS port.

Technical requirements
----------------------
To set up a WebTunnel bridge, you will need a self-hosted website, a domain under your control, a configurable load balancer, a static IPv4 address, and an environment in which to set up a Tor bridge. Docker or another container runtime is recommended to streamline the setup process, but is not required.

How to test and report issues
-----------------------------
You can test the WebTunnel bridge by using the most recent version of Tor Browser Alpha (https://www.torproject.org/download/alpha/). Currently, WebTunnel is only distributed over the HTTPS distributor (torrc setting: 'BridgeDistribution https').

Given that this new PT is currently available only in Tor Browser Alpha, relay operators should not expect significant usage or a large number of users at the moment.

Please let us know if you encounter any difficulty with WebTunnel setup. Thanks for your contribution to the Tor ecosystem.
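
The routing property described under "How it works", as an added example that is not part of the original announcement and is not WebTunnel's or any load balancer's own code: a simplified model in which only an upgrade request for the exact secret path reaches the tunnel, and every other request is handed to the ordinary website. The secret path, the host name, the `websocket` upgrade token and all function names are assumptions made for illustration.

```python
import hmac

SECRET_PATH = "/kXq3-constructed-placeholder-path"  # constructed; a real bridge has its own
WEBSITE, TUNNEL = "website", "tunnel"

def parse_request(raw: bytes):
    """Return (method, path, version, headers) from a raw HTTP/1.1 request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], version, headers

def route(raw: bytes) -> str:
    """Decide which backend sees the request: the ordinary website or the tunnel."""
    try:
        method, path, version, headers = parse_request(raw)
    except ValueError:
        return WEBSITE  # the website answers malformed input as it would for anyone
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    is_upgrade = (method == "GET" and version == "HTTP/1.1" and "upgrade" in tokens
                  and headers.get("upgrade", "").lower() == "websocket")
    # Constant-time comparison: timing does not show how many leading characters matched.
    path_ok = hmac.compare_digest(path.encode("latin-1"), SECRET_PATH.encode("latin-1"))
    return TUNNEL if (is_upgrade and path_ok) else WEBSITE

def make_request(target: str, upgrade: bool = True) -> bytes:
    """Build a constructed sample request for the demo."""
    lines = [f"GET {target} HTTP/1.1", "Host: bridge.example"]
    if upgrade:
        lines += ["Connection: Upgrade", "Upgrade: websocket"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

def survey() -> dict:
    """Route one client request and several probes that lack the full secret path."""
    samples = {"client": make_request(SECRET_PATH),
               "probe_root": make_request("/", upgrade=False),
               "probe_guess": make_request("/webtunnel"),
               "probe_prefix": make_request(SECRET_PATH[:-1]),
               "no_upgrade": make_request(SECRET_PATH, upgrade=False)}  # model choice
    return {name: route(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, backend in survey().items():
        print(f"{name:12} -> {backend}")
```

Only the `client` sample reaches the tunnel; each probe gets whatever the fronting website would serve to any visitor.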