[tor-relays] (Announcement) WebTunnel, a new pluggable transport for bridges, now available for deployment

Thu Jun 29 14:38:13 UTC 2023

Dear Tor relay operators,

We're excited to announce WebTunnel, a new bridge pluggable transport 
(PT) for the Tor ecosystem. It is a censor resistant proxy that try to 
imitate HTTPS traffic, based on 
HTTPT(https://www.usenix.org/conference/foci20/presentation/frolov) 
research. We are currently operating a trial soft launch for WebTunnel, 
and encouragebridge operators to setup WebTunnel bridges to discover 
issues within theimplementation of this newpluggable transport.

How it works
------------

When connecting to a WebTunnel Bridge, the client send a http 1.1 
upgrade request to the load balancer over an encrypted connection, like 
how WebSocket works. Thus, from an observator’s point of view, this 
process looks like a real websocket connection to the real website. If 
one ever try to connect to the fronting website, then what will be 
presented will be that fronting website. Without the full URL including 
the path, which the censor don’t know, it is very difficult to tell if a 
website hosts a WebTunnel by probing the HTTPS port.

Technical requirements
----------------------

To set up a WebTunnel Bridge, you will need a self-hosted website,a 
domain under your control,a configurable load balancer, static IPv4, and 
environment to setup Tor Bridge to setup a WebTunnel Bridge. Docker or 
other container runtime is recommended to streamline setup process, but 
is not required.

The setup guide is available here: 
_https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel#docker-setup_ 
<https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel#docker-setup>

How to test and report issues
-----------------------------

You can test the WebTunnel bridge by using themost recent version of Tor 
Browser Alpha(https://www.torproject.org/download/alpha/). Currently, 
WebTunnel is only distributed over the HTTPSdistributor(torrc 
setting:'BridgeDistribution https').

You can report issues on the Tor Project GitLab Anti-censorship group: 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.

Given that this new PT is only available now on Tor Browser Alpha, relay 
operators should not expect significant usage or a large number of users 
at the moment.

Please let us know if you encountered any difficulty with WebTunnel 
setup. Thanks for your contribution to the Tor ecosystem.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230629/0bc17a21/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230629/0bc17a21/attachment.sig>