[tor-project] Proposal: rotate default bridge ports each release

David Fifield david at bamsoftware.com
Tue Sep 6 23:28:08 UTC 2016

On Tue, Aug 30, 2016 at 03:44:39PM -0700, David Fifield wrote:
> On Mon, Aug 15, 2016 at 09:45:05PM -0700, David Fifield wrote:
> > Lynn Tsai and I just published a report on the blocking of Tor Browser's
> > default obfs4 bridges.
> > 	https://www.bamsoftware.com/proxy-probe/
> > 	https://www.usenix.org/system/files/conference/foci16/foci16-paper-fifield.pdf
> > One of the things we found is that the Great Firewall of China blocks
> > the default bridges--but it takes a little while after release for them
> > to do it. We saw delays as short as 2 days and as long as 36 days. We
> > also found that when they block a bridge, they don't block the whole IP
> > address; they just block a single port and other ports on the same IP
> > remain accessible.
> > 
> > We can take advantage of these peculiarities by opening additional obfs4
> > ports on the default bridges, and changing the port numbers on each
> > release. We'd keep the old ports open for people who haven't upgraded
> > yet, but those who upgrade will start using the new ports. This way, we
> > can make the bridges temporarily reachable after each new release--at
> > least until the censors figure out what we're doing and start blocking
> > more aggressively.
> The following bridges have each opened up 10 additional obfs4 ports,
> through which we can begin rotating in the next release:
> 	LeifEricson
> 	GreenBelt
> 	MaBishomarim
> 	JonbesheSabz
> 	Azadi

Lynn just filed a ticket to rotate ports for these 5 bridges, plus
The old ports will continue to work.

More information about the tor-project mailing list