[tor-bugs] #28526 [Community/Tor Support]: Document how NGOs can run private obfs4 bridges, and get some doing it

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 4 23:36:48 UTC 2020 

#28526: Document how NGOs can run private obfs4 bridges, and get some doing it
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  ggus
     Type:  project                              |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Community/Tor Support                |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  education, documentation,            |  Actual Points:
  s30-o24a1, anti-censorship-roadmap-2020Q1      |
Parent ID:  #31281                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-must
-------------------------------------------------+-------------------------

Comment (by phw):

 Below is a brief summary of where we are.
 [[br]]
 > (1) Document for NGOs how to easily run a few private obfs4 bridges.
 I've seen some guides floating around but nothing both simple and
 obviously official.
 [[br]]
 Over at #31872, we developed a process for distributing private bridges.
 [https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/NGOBridgeSupport#a2.1TeachtheNGOhowtoruntheirownbridges
 Section 2.1] of the resulting wiki page discusses how to set up a private
 bridge. I just filed #33153 to make it easier to set up a private obfs4
 Docker container. Once this is done, we should mention it on the wiki
 page. Also, we now have
 [https://community.torproject.org/relay/setup/bridge/ official obfs4
 bridge setup guides].

 So far, we talked to three organisations and neither one of them had the
 expertise or ability to set up their own bridges. One organisation
 mentioned that it may be a possibility at some point down the road. We
 ended up working with a volunteer who is now running several private,
 reliable, and fast obfs4 bridges for us, which we sent to these
 organisations. Regardless, we should still make progress towards making it
 easier for these organisations to run their own bridges.
 [[br]]
 > (2) Document for NGOs how they should get these bridge addresses to
 their users, and how the users should add them to Tor Browser. On Android
 it seems that Orbot hooks the "bridge://" url, so sending bridge addresses
 via signal, email, etc should work: the user clicks on the bridge address,
 which launches Orbot which adds that bridge to its configuration. Having
 docs for actual users, with screenshots and stuff, would be the clear next
 step. On desktop the interface choices are messier: see #28015.
 [[br]]
 Before handing out bridges, NGOs need to equip their users with copies of
 Tor Browser. We sent our partnering NGOs GetTor download links. Users in
 China can download Tor Browser over GitLab.

 As for instructions on how to add bridges to Tor Browser: we sent our
 partnering NGOs written instructions in English. It's probably better to
 take [https://tb-manual.torproject.org/circumvention/ our user manual],
 turn it into a PDF in whatever language is needed, and send it to the NGO.
 In the long run, the user manual will hopefully be part of Tor Browser one
 day (see #11698).

 We have yet to work on instructions for Android (see #30317).
 [[br]]
 > (3) Walk a few NGOs through the process from beginning to end, so we can
 confirm for ourselves that it works as intended, and so we can have a more
 direct connection to actual users to get feedback on all angles of the
 user experience.
 [[br]]
 I recently filed #33145 for this. It has been difficult to find NGOs that
 can do this on a large-ish scale. Two organisations distributed private
 obfs4 bridges to their users and we only got feedback from two users. For
 one, the bridge worked perfectly. The other user seemingly failed at
 adding it to their Tor Browser.
 [[br]]
 > (5) Understand if private bridges actually work in China. Apparently
 Lantern uses obfs4 and they don't get blocked by DPI, so that's a good
 start, but I've also heard stories of DPI-based throttling. In step 3
 above we'll get some anecdotal answers, but here we should design and
 deploy some recurring experiments from computers inside China that assess
 (a) connectivity, (b) whether it can bootstrap, and (c) throughput,
 through a private bridge.
 [[br]]
 Private obfs4 bridges work in China. We know this from our measurements in
 #29279, and from our preliminary experience with distributing private
 obfs4 bridges in China.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28526#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list