[tor-relays] Help the Tor Project by running a fast unpublished bridge

Philipp Winter identity.function at gmail.com
Wed Aug 15 11:53:25 UTC 2012 

On Wed, Aug 15, 2012 at 11:55:55AM +0800, Lorenz Kirchner wrote:
> I'm not a tor expert but I am in China and have been using tor... I brought
> this up before and I still feel that tor would benefit from having special
> (entry)relays inside the GFW that have a reliable link to relays outside the
> GFW. Clients inside GFW could then always connect to these relays. Actually,
> probably tens of thousands of people have VPN connections and they could host
> such relays to provide access to clients, even such that might be completely
> blocked from accessing addresses outside the GFW, which, sadly, that is not so
> uncommon either.

I guess, that would require a modification of the path selection on the clients
side. Usually, Tor clients randomly pick relays weighted by bandwidth. Unless
the Chinese relays would provide an enormous amount of bandwidth, they would
barely get selected by clients which leads to a poor user experience.

Perhaps it's better to focus on improved bridge distribution strategies [0] and
hard-to-block transport protocols [1]. Also, that would be a universal solution
which would also help in other countries and not a specific - and probably hard
to maintain - Chinese-only solution.

> Of course it would be great to reveal as little information as possible about
> such special relays in public... and continue to make the tor connections as
> un-conspicuous as possible

I guess, the firewall operators would notice that quite soon when Chinese relays
would start popping up in the consensus or am I missing something here? And as
soon as something is in the consensus, it's particularly easy to block.

> 20 mbit fiber connections are rapidly becoming commonplace in China. VPNs are
> commonplace already and I think in the case of GFW the tor project could make
> use of this situation.

Aren't these 20 mbit only achievable with domestic traffic? I thought that
international traffic gets throttled a lot in China?

> I'd love to see some sort of an easy deployable tor relay package that could
> listen on both the chinese and vpn address and relay traffic between the two...

For what it's worth, I and a few others are running bridges with the brdgrd tool
[1]. The tool rewrites the first announced window size of a bridge and hence
"forces" the client to split its cipher list in two halves. That way, the
firewall has not been able to recognize Tor so far. The handy thing is, it only
requires modification of bridges and not clients.

Philipp

[0] https://blog.torproject.org/blog/bridge-distribution-strategies
[1] https://www.torproject.org/docs/pluggable-transports.html.en
[2] https://github.com/NullHypothesis/brdgrd

More information about the tor-relays mailing list