[tor-relays] BridgeDB currently up but non-functional?

Wed Jun 19 23:30:40 UTC 2019

Hi, all. While skimming /r/tor on Reddit I saw a couple of posts saying 
they hadn't been able to get any usable bridges for several days, and 
thought I'd check into it. I downloaded & installed a fresh copy of the 
Windows TBB 8.5.1 and had it ask for bridges via Moat, and received 2 
(not 3?) obfs4 bridge lines. Here's the Tor log from the "copy to 
clipboard" button that popped up on the TBB "connecting" dialog when it 
stalled at about 3/4th of the progress bar:

6/19/19, 10:46:16.735 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:46:16.735 [NOTICE] Switching to guard context "bridges" (was 
using "default")
6/19/19, 10:46:16.735 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:46:16.736 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:46:16.736 [NOTICE] Opening Socks listener on 127.0.0.1:9150
6/19/19, 10:46:16.736 [NOTICE] Opened Socks listener on 127.0.0.1:9150
6/19/19, 10:46:16.736 [NOTICE] Renaming old configuration file to 
"C:\Downloads\Tor Browser 8.5.1 - 
Copy\Browser\TorBrowser\Data\Tor\torrc.orig.1"
6/19/19, 10:46:23.608 [NOTICE] Bootstrapped 5%: Connecting to directory 
server
6/19/19, 10:46:23.611 [NOTICE] Bootstrapped 10%: Finishing handshake 
with directory server
6/19/19, 10:46:24.558 [NOTICE] Bootstrapped 15%: Establishing an 
encrypted directory connection
6/19/19, 10:46:24.748 [NOTICE] Bootstrapped 20%: Asking for 
networkstatus consensus
6/19/19, 10:46:24.954 [NOTICE] new bridge descriptor 'eldritchworld' 
(fresh): $<BRIDGE 1 FINGERPRINT REDACTED>~eldritchworld at <BRIDGE 1 IP 
REDACTED>
6/19/19, 10:46:25.589 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:26.781 [NOTICE] Bootstrapped 25%: Loading networkstatus 
consensus
6/19/19, 10:46:28.291 [NOTICE] I learned some more directory 
information, but not enough to build a circuit: We have no usable consensus.
6/19/19, 10:46:28.482 [NOTICE] Bootstrapped 40%: Loading authority key certs
6/19/19, 10:46:28.997 [NOTICE] The current consensus has no exit nodes. 
Tor can only build internal paths, such as paths to onion services.
6/19/19, 10:46:28.997 [NOTICE] Bootstrapped 45%: Asking for relay 
descriptors for internal paths
6/19/19, 10:46:28.997 [NOTICE] I learned some more directory 
information, but not enough to build a circuit: We need more 
microdescriptors: we have 0/6440, and can only build 0% of likely paths. 
(We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no 
exits in consensus, using mid) = 0% of path bw.)
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:28.997 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.275 [NOTICE] Bootstrapped 50%: Loading relay 
descriptors for internal paths
6/19/19, 10:46:29.463 [NOTICE] The current consensus contains exit 
nodes. Tor can build exit and internal paths.
6/19/19, 10:46:29.463 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.463 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.463 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.514 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.514 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.672 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.672 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:29.672 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.283 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.283 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.283 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.636 [NOTICE] Bootstrapped 57%: Loading relay descriptors
6/19/19, 10:46:30.636 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.636 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.636 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.636 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.636 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.684 [NOTICE] Bootstrapped 64%: Loading relay descriptors
6/19/19, 10:46:30.684 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.733 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.733 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.733 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.873 [NOTICE] Bootstrapped 73%: Loading relay descriptors
6/19/19, 10:46:30.873 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.873 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.881 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.881 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.881 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.937 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:30.969 [NOTICE] Ignoring directory request, since no 
bridge nodes are available yet.
6/19/19, 10:46:44.618 [WARN] Proxy Client: unable to connect to <BRIDGE 
2 IP REDACTED> ("general SOCKS server failure")

It looks like bridge 1 (eldritchworld) gave me bad/incomplete relay info 
which prevented making circuits, and then Tor failed to connect to the 
fallback bridge 2 at all. Checking Relay Search, it shows that 
eldritchworld is a normal healthy-looking bridge that's been up for 
months with plenty of connections and data being transferred, so I don't 
know what's wrong there.

So, since the Moat bridges didn't work, I went to the BridgeDB request 
web page to try that. Clicking the "Just give me bridges" button and 
doing the captcha returned "Uh oh, spaghettios! There currently aren't 
any bridges available... Perhaps you should try going back and choosing 
a different bridge type!". What, no vanilla bridges available at all? 
Seriously? (As a side note, cutesy errors are pretty annoying when 
things are failing. Just sayin'.) And as usual the Metrics page still 
shows about 1000 bridges, so something's badly broken. I know the new 
bridgedb release doesn't give out ORports if there's a secure PT 
offered, but last I checked the majority of bridges were just vanilla, 
so surely there must be enough to put some into whichever bridge pool 
ring my request was pulled from.

I then tried asking for obfs4 bridges instead, and it did give me one 
(again, not 3?). With another fresh install of the TBB and entering that 
bridge line, the log shows:

6/19/19, 10:59:43.912 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:59:43.912 [NOTICE] Switching to guard context "bridges" (was 
using "default")
6/19/19, 10:59:43.912 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:59:43.912 [NOTICE] DisableNetwork is set. Tor will not make 
or accept non-control network connections. Shutting down all existing 
connections.
6/19/19, 10:59:43.912 [NOTICE] Opening Socks listener on 127.0.0.1:9150
6/19/19, 10:59:43.912 [NOTICE] Opened Socks listener on 127.0.0.1:9150
6/19/19, 10:59:43.912 [NOTICE] Renaming old configuration file to 
"C:\Downloads\Tor Browser 8.5.1 - 
Copy\Browser\TorBrowser\Data\Tor\torrc.orig.1"
6/19/19, 10:59:50.761 [NOTICE] Bootstrapped 5%: Connecting to directory 
server
6/19/19, 10:59:50.762 [NOTICE] Bootstrapped 10%: Finishing handshake 
with directory server
6/19/19, 11:00:11.767 [WARN] Proxy Client: unable to connect to <BRIDGE 
3 IP> ("general SOCKS server failure")

So this 3rd bridge also failed to connect at all. With the Moat and 
website requests both returning bad/dead bridges (if any), the last 
thing to try was the email request channel. I sent "request bridges" to 
bridges at torproject.org and it replied back "Here are your bridges: None, 
None, None".

Well, okay then. Maybe if I try again later, which should give me 
different bridges to use? According to the bridgedb config file checked 
into the git repo, the rotation periods for the Moat and website bridge 
pool query positions are both 3 hours. So I waited 3.5 hours and tried 
those tests again on another fresh TBB install copy, and both Moat and 
the website returned back to me the exact same bridges as before, which 
then failed in the same ways as before. Maybe the running server isn't 
using the checked-in config settings? Waiting another 8 hours (11.5 
total since the first try), Moat gave me the same first bridge but 
finally a different second bridge (still not 3), but that one also 
failed to connect at all with the same "general SOCKS server failure". 
The website still claims there are no vanilla bridges available at all, 
and gives me back the same single obfs4 choice as before, which still 
won't connect at all.

I don't know if it's the link between the bridge authority and the 
bridgdb server, or the new bridgedb release that just came out or what, 
but something's badly broken and the bridgedb appears to be pretty much 
useless right now. My test environment is very standard, just Windows 10 
Pro using only IPV4 from a normal US ISP (Frontier FIOS near Portland, 
OR) with no proxy, running a fresh copy of the current TBB build. The 
TBB works fine if I don't use a bridge or if I manually enter the bridge 
info for a private bridge relay I temporarily set up, and I have no 
other internet issues.

Could someone else check if they see similar problems? Other people 
should supposedly get different bridgedb results pulled from the other 
bridge pool rings, but even if it's somehow only affecting one pool 
ring, that's like 20-25% of the bridgedb's users left with no viable 
results. Looking at the Metrics site I don't see any drop in current 
bridge user counts (actually it's in an uptrend, along with all tor user 
counts lately) but I'd assume most bridge users already have working 
bridge lines cached, so this would only affect new users or those whose 
old choices have gone down, but both of those categories will only grow 
with time.