[tor-dev] Feature Request: please consider ship default Tor bridges

David Fifield david at bamsoftware.com
Thu Aug 17 18:08:29 UTC 2017

On Thu, Aug 17, 2017 at 05:19:44PM +0000, iry wrote:
> A set of Tor bridges are shipped with Tor browser bundle[0], helping
> users in Tor-censored areas to connect to the Tor network. Since
> system Tor users may also face the censorship problem, shall we
> ship some Tor bridges along with the tor package?
> The request was first reported[0] to Debian BTS and I got the
> following reply by Peter:
> > If upstream starts shipping bridges with their Tor releases, that
> > would naturally result in the Tor package shipping bridges as
> > well.
> > 
> > I do not know whether that's a good idea or not, but I don't think 
> > deviating from upstream would be particularly worthwhile.

To get an idea of how frequently the list of default bridges has
changed, see the tbb-bridges keyword in the bug tracker:

> The default bridge shipped with tor package should be exactly the same
> bridges contained in bridge_prefs.js[0] shipped with the latest stable
> TBB. This is because:
> 1. The servers hosting default bridges are set up for a huge amount of
> traffic;
> 2. The servers hosting default bridges are probably audited by TPO for
> better security;
> 3. Using a different set of bridges will distinguish the
> anon-connection-wizard bridge users from the TBB bridge users, which
> compromises their anonymity.

There is an argument for using a different set of default bridges: when
one of the Tor Browser ones gets blocked, it won't affect the Debian
ones. For example, for a while, Orbot had some additional bridges that
Tor Browser did not have. When the firewall of China blocked the Tor
Browser bridges, the Orbot ones continued working for another nine
months (until they got blocked for a different reason). We know that at
least China and Kazakhstan pay attention to the default Tor Browser
bridges (and China blocks them as soon as they enter the source code,
even before a release).

So having a few bridges that are not shared with Tor Browser has that
advantage, at least. Of course, it's basically security by obscurity,
because a censor that can discover the Tor Browser bridges can (in
theory) also discover some other static list of bridges. But in practice
it will take censors time to build automation to read from a new list.
Default bridges are security by obscurity anyway, though surprisingly
effective for that.
