This reimplementation will provide the following benefits over the old BridgeDB: We therefore started working on a more flexible and lightweight reimplementation. It's heavily tailored towards a specific purpose, making it difficult to extend and generalize. Resource limitationsīridgeDB, our existing bridge distribution system, is showing its age.
Fortunately, most censoring countries are limited in the amount of time, money, and talent that they can dedicate to blocking the Tor network, which is why BridgeDB is still effective in many places. H anding out bridges to users while preventing censors from learning them all remains a hard problem, but more on that later. CAPTCHAs are not the only defense to prevent censors from learning all bridges since in the age of deep learning, CAPTCHAs represent but a small obstacle. After the user solves a CAPTCHA, BridgeDB will return up to three bridges. We currently use the service BridgeDB to hand out bridges to our users. One also needs an unblocked endpoint to connect, and this is where the trouble starts.
Unfortunately, obfs4 being unblocked is not enough. The latest iteration in the obfs series, obfs4, still currently works in China in the sense that the GFW cannot (or chooses not to) block it by simply looking at bytes on the wire. The GFW is able to detect the obfs2 and obfs3 protocol on the wire, meaning that it can detect these protocols by simply looking at the bytes that cross the national perimeter. What are our challenges ? Technological obstaclesīoth the protocol and the endpoint must resist detection. Microsoft's Azure CDN (which meek-azure is based on ) is expensive, which is why we have to place a traffic cap on the meek-azure bridge. While meek-azure should work everywhere (including behind the GFW), it is overloaded and therefore slow. We are currently stress testing the system to handle more users as we move towards a stable release. Our most recent changes added a new set of STUN servers, making Snowflake available in China and other places that block access to Google services. Snowflake is currently only available in our Tor Browser alpha version but is on track to be part of Tor Browser stable. We are currently implementing a social bridge distribution system called Salmon, which will make it significantly harder for the GFW to block obfs4 bridges. Unfortunately, many of the bridges you obtain this way may not work in China. You can request obfs4 bridges in three ways: directly in Tor Browser, by visiting, or by sending an email to More technical users can set up their own obfs4 bridge.
If you are unable to connect to our default bridges, you currently have three options:
0 kommentar(er)
