[tor-bugs] #30500 [Circumvention/Censorship analysis]: Can the GFW still do DPI for "new" vanilla Tor?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 13 23:47:37 UTC 2019
#30500: Can the GFW still do DPI for "new" vanilla Tor?
-------------------------------------------------+-------------------------
Reporter: phw | Owner: (none)
Type: task | Status: assigned
Priority: Low | Milestone:
Component: Circumvention/Censorship analysis | Version:
Severity: Normal | Keywords: gfw, china
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------

I heard from a team of researchers that they failed to get their vanilla
bridge probed by the GFW, despite connections from several vantage points
in China. I set out to test this myself. Here are the results:

1. I repeatedly established a vanilla Tor connection from a VPS in China
   (running 0.3.2.10) to a bridge in the U.S. (running 0.2.9.16, and later
   0.4.1.0-alpha-dev).
2. All bridge connections bootstrapped to 100%. There was neither active
   probing nor blocking.
3. I then used the tool [https://github.com/nullhypothesis/tcis tcis] on
   the China VPS to simulate a Tor handshake. The tool creates a TLS client
   hello as sent by a rather old Tor version -- I don't remember how old,
   exactly.
4. After running tcis, I immediately got my bridge probed and blocked.

The above makes me wonder if newer Tor versions changed their TLS
handshake in a way that the GFW's DPI rules haven't caught up yet. It
would be interesting to test this hypothesis and, if it's true, to find
out what Tor changed in its TLS handshake.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30500>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
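
Added example, not part of the ticket and not code from tcis or Tor: one way to test the hypothesis above is to parse the cleartext ClientHello of an old and a new client and diff the fields a DPI rule can match on. The function names (build_hello, parse_hello, diff_hello) are hypothetical, and the two sample hellos are constructed values, not what any Tor version sends; in practice the inputs would be the first TLS record from a capture of each client.

```python
import struct

def build_hello(suites, exts, version=0x0303):
    """Build a constructed ClientHello record (sample input, not a Tor capture)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                      # one compression method: null
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # TLS record header

def parse_hello(rec):
    """Extract the cleartext ClientHello fields a DPI rule can match on."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    if len(rec) < 5 + struct.unpack_from("!H", rec, 3)[0]:
        raise ValueError("truncated record")
    try:
        p = 9                                   # skip record (5) and handshake (4) headers
        version = struct.unpack_from("!H", rec, p)[0]
        p += 2 + 32                             # client version + random
        p += 1 + rec[p]                         # session id
        n = struct.unpack_from("!H", rec, p)[0]
        suites = list(struct.unpack_from("!%dH" % (n // 2), rec, p + 2))
        p += 2 + n
        p += 1 + rec[p]                         # compression methods
        exts = []
        if p < len(rec):                        # extensions block is optional
            end = p + 2 + struct.unpack_from("!H", rec, p)[0]
            p += 2
            while p + 4 <= end:
                ext_type, ext_len = struct.unpack_from("!HH", rec, p)
                exts.append(ext_type)
                p += 4 + ext_len
    except (struct.error, IndexError):
        raise ValueError("malformed ClientHello")
    return {"version": version, "suites": suites, "extensions": exts}

def diff_hello(old, new):
    """Return {field: (old_value, new_value)} for every field that differs."""
    a, b = parse_hello(old), parse_hello(new)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed sample values; NOT what any Tor version actually sends.
OLD = build_hello([0xC02F, 0x0039, 0x002F, 0x00FF], [(0x000B, b"\x01\x00")])
NEW = build_hello([0x1301, 0xC02F, 0x0039], [(0x000B, b"\x01\x00"), (0x002B, b"\x02\x03\x04")])
if __name__ == "__main__":
    print(diff_hello(OLD, NEW))
```

Any field that shows up in the diff is a candidate for what a rule written against the old handshake no longer matches.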