[tor-bugs] #28526 [Webpages/Support]: Document how NGOs can run private obfs4 bridges, and get some doing it
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 19 21:50:36 UTC 2018
#28526: Document how NGOs can run private obfs4 bridges, and get some doing it
----------------------------------+----------------------
Reporter: arma | Owner: (none)
Type: project | Status: assigned
Priority: Medium | Milestone:
Component: Webpages/Support | Version:
Severity: Normal | Keywords: ux-team
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: Sponsor19 |
----------------------------------+----------------------
One of our eventual goals is to get bridgedb back on its feet, and using
bridge distribution strategies that China can't defeat, but in the mean
time we should document one approach that should still work: setting up
your Tor Browser with a private (not publicized) tor bridge.
In particular, we know many NGOs that would be happy to run unpublished
obfs4 bridges for their people, and give them private bridge addresses
when they visit China.
There are several steps to following through with this idea.
Round one (minimum viable approach):
(1) Document for NGOs how to easily run a few private obfs4 bridges. I've
seen some guides floating around but nothing both simple and obviously
official.
(2) Document for NGOs how they should get these bridge addresses to their
users, and how the users should add them to Tor Browser. On Android it
seems that Orbot hooks the "bridge://" url, so sending bridge addresses
via signal, email, etc should work: the user clicks on the bridge address,
which launches Orbot which adds that bridge to its configuration. Having
docs for actual users, with screenshots and stuff, would be the clear next
step. On desktop the interface choices are messier: see #28015.
(3) Walk a few NGOs through the process from beginning to end, so we can
confirm for ourselves that it works as intended, and so we can have a more
direct connection to actual users to get feedback on all angles of the
user experience.
Round two (once we like round one):
(4) Document for NGOs how to run a series of obfs4 bridges. This could
start with one bridge address per computer, but the longer term answer is
to have a single Tor client binding to many bridge addresses, maybe with
help from the ISP to point these many bridge addresses to that Tor.
(5) Understand if private bridges actually work in China. Apparently
Lantern uses obfs4 and they don't get blocked by DPI, so that's a good
start, but I've also heard stories of DPI-based throttling. In step 3
above we'll get some anecdotal answers, but here we should design and
deploy some recurring experiments from computers inside China that assess
(a) connectivity, (b) whether it can bootstrap, and (c) throughput,
through a private bridge.
(6) We should invent and document some best practices for where NGOs ought
to run their bridges, and how many bridges they need per user. At the
extreme bad end of the spectrum, they would run one bridge and give it to
all of the people attending a given training -- and in that case, apart
from the obvious "what if one of the users is bad and gets the address
blocked" worry, discovering some of the users could lead to discovering
other related users. At the other end of the spectrum is one bridge (on
its own separate ISP) per user. What are some acceptable solutions in
between?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28526>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list