On Sat, Feb 15, 2014 at 6:44 AM, Delton Barnes delton.barnes@mail.ruwrote:

Upon upgrading obfsproxy to 0.2.6 and Tor to 0.2.5.1-alpha-dev (git-f63b394d90583b77+96972c4) for scramblesuit, I got this in the Tor log:

Feb 15 04:40:03.000 [notice] We are a bridge with a pluggable transport proxy but the Extended ORPort is disabled. The Extended ORPort helps Tor communicate with the pluggable transport proxy. Please enable it using the ExtORPort torrc option.

How should this be set? What does it do? I saw some web pages suggesting "ExtORPort 6699" for statistics-gathering purposes.

I personally think there should be some kind of notice (or it should be more verbose) for obfsproxy bridge operators who are upgrading to the newest obfsproxy, telling them to enable ExtORPort and so on. That notice should include instructions how to do this, which is very simple (assuming obfsproxy bridge operators are already familiar with torrc):

You just need to add one line to your torrc:

ExtORPort <some_unused_port>

so for example

ExtORPort 6699

If obfsproxy is already running, it's probably best to then simply restart tor (vs. just reloading, that is, 'sudo service tor reload' or 'sudo killall -HUP tor'). Tor will start listening to that port, and will automatically inform obfsproxy (upon starting it) to use this port for communication.

What does it do?

As far as I understand it, ExtORPort tells tor to open a local-only (bound to localhost) socket for getting information from / communicating with obfsproxy (the pluggable transport proxy executable); i.e. the only communication that happens through this port is between tor and obfsproxy. Information exchanged includes statistics about obfsproxy bridge users (such as the number of users coming from a specific country and the number of users per each pluggable transport). Tor then aggregates this data (rounding up to a number, etc.) in a way that makes sure it is anonymized / cannot be used by anyone attempting to pinpoint users of this specific bridge and so on.

You can e.g. look up some statistics that come from this kind of reporting on the Tor Metrics portal.[1] (the actual numbers are probably significantly different from what is currently shown; hence the need for more bridges with ExtORPort enabled.

I may have misunderstood something, though. But in any case, it's best if you just include a "ExtORPort <some_port>" line in your torrc - that should be enough.

[1]: e.g. obfs3 transport users: https://metrics.torproject.org/users.html?graph=userstats-bridge-transport&a...

--

Kostas.

0x0e5dce45 @ pgp.mit.edu