Bridges and China (new thread)
Rather than continue to hijack the old thread, here's a new one about bridges and china. I'm fully aware the GFW seems to have successfully crawled https://bridges.torproject.org and added all of those bridges into their blocking regime. The email distribution method, brid...@torproject.org, may also have been crawled and added to the blocking regime. There are still 3 other pools of bridge addresses, one of which is held in reserve. It seems the other two methods are continuing to work, as a paltry 5000 connections from China still can access Tor daily. This is vastly smaller than the 100,000 or so we used to get. The other methods of obtaining bridges are slower and more viral. They use social networking technologies like twitter and qq to distribute bridge addresses. I've been told if you search on baidu, you can find such bridge addresses. And until now, they still work. We've given some addresses to trusted networks inside China. What they do with the bridges is up to them. I've heard some are bridge addresses are being released by blog posts, BBS posts, qq, and ads on taobao. I'm assuming the admins of the GFW read or-talk in some fashion. They are doing their job and we're doing ours. Conversely, Tor supports 3rd party http/https proxies. Many people use Tor because they want the privacy aspects of it, not just the ability to circumvent a firewall. You can use the 3rd party http/https proxy as the access layer around the blocking system, and then to tor. This is an arms race, we're working on next steps in it. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
On Wed, May 26, 2010 at 4:06 PM, wrote: > Rather than continue to hijack the old thread, here's a new one about > bridges and china. > > I'm fully aware the GFW seems to have successfully crawled > https://bridges.torproject.org and added all of those bridges into their > blocking regime. The email distribution method, brid...@torproject.org, > may also have been crawled and added to the blocking regime. There are > still 3 other pools of bridge addresses, one of which is held in > reserve. It seems the other two methods are continuing to work, as a > paltry 5000 connections from China still can access Tor daily. This is > vastly smaller than the 100,000 or so we used to get. Is it worth adding a captcha to bridges.torproject.org? Incidentally, what happens when "adversaries" just block access to that site? How about responding to bridge request emails with a captcha style email attachment with the IPs of bridges? That would kill any automated attempt to scrape the bridges? Al *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
On Wed, May 26, 2010 at 3:42 PM, Al MailingList wrote: > > Is it worth adding a captcha to bridges.torproject.org? Incidentally, > what happens when "adversaries" just block access to that site? > > How about responding to bridge request emails with a captcha style > email attachment with the IPs of bridges? > > That would kill any automated attempt to scrape the bridges? > > Al > > I have a project called ObfuscaTOR which reads bridge information and displays it using captcha-style encoding. Its a wordpress plugin, and development is kinda stalled. There have been some downloads, and a Reddit post, but other then that interest seemed kind of low. I even had one guy email me to remove the project as I was helping to destroy the Tor Project. This gets around "adversaries" blocking access because any one of the millions of bloggers can include the plugin, so you can't block the whole internet(unless you have a country wide firewall of course;) As far as automated scanning, I have heard China doesn't automate the process so much as they have thousands of workers manually scanning for things such as this. I like your email idea though, its a lot easier to track and block email requests from the same domain. It seems like it would be a lot harder to setup lots of fake mail servers. How about incoming email being filtered based on the sender however? Ryan
Re: Bridges and China (new thread)
On Wed, May 26, 2010 at 08:42:12PM +0100, alpal.mailingl...@gmail.com wrote 1.2K bytes in 26 lines about: : Is it worth adding a captcha to bridges.torproject.org? Incidentally, : what happens when "adversaries" just block access to that site? Is it worth adding, maybe. Most captcha systems assume a program is trying to break it, increasingly, blog spam and such is done by humans paid pennies per hour. : That would kill any automated attempt to scrape the bridges? Assume a human is doing the scraping. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
hi, andrew, >I've been told if you search on baidu, you can find such bridge addresses. >bridge addresses are being released by blog posts, BBS posts, qq, and ads on >taobao. then bad guys can get and block them too through baidu searching, and more, qq is totally under control of bad guys, we can't trust qq, believe me, I know the truth. >Tor supports 3rd party http/https proxies could you kindly tell me how to use tor above 3rd party https/http proxies? what's the config? sincerely, frank 2010-05-27 - sender: andrew sending date: 2010-05-26 23:07:04 receiver: or-talk cc: subject: Bridges and China (new thread) Rather than continue to hijack the old thread, here's a new one about bridges and china. I'm fully aware the GFW seems to have successfully crawled https://bridges.torproject.org and added all of those bridges into their blocking regime. The email distribution method, brid...@torproject.org, may also have been crawled and added to the blocking regime. There are still 3 other pools of bridge addresses, one of which is held in reserve. It seems the other two methods are continuing to work, as a paltry 5000 connections from China still can access Tor daily. This is vastly smaller than the 100,000 or so we used to get. The other methods of obtaining bridges are slower and more viral. They use social networking technologies like twitter and qq to distribute bridge addresses. I've been told if you search on baidu, you can find such bridge addresses. And until now, they still work. We've given some addresses to trusted networks inside China. What they do with the bridges is up to them. I've heard some are bridge addresses are being released by blog posts, BBS posts, qq, and ads on taobao. I'm assuming the admins of the GFW read or-talk in some fashion. They are doing their job and we're doing ours. Conversely, Tor supports 3rd party http/https proxies. Many people use Tor because they want the privacy aspects of it, not just the ability to circumvent a firewall. You can use the 3rd party http/https proxy as the access layer around the blocking system, and then to tor. This is an arms race, we're working on next steps in it. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote 2.7K bytes in 67 lines about: : >I've been told if you search on baidu, you can find such bridge addresses. : >bridge addresses are being released by blog posts, BBS posts, qq, and ads on taobao. : then bad guys can get and block them too through baidu searching, : and more, qq is totally under control of bad guys, we can't trust qq, believe me, I know the truth. The point of releasing the bridge addresses this way is to see how long it takes to go from public publishing to blocking in the GFW. : >Tor supports 3rd party http/https proxies : could you kindly tell me how to use tor above 3rd party https/http proxies? what's the config? There are two ways to do this, through Vidalia or editing your torrc. In Vidalia, go to Settings, Network, and click "I use a proxy to access the Internet", then enter your proxy details. In torrc, see https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
On Thu, 27 May 2010 17:17:51 +0800 代尔欣 wrote: > I also have this problem(bridges are blocked) and sent a mail > several days ago. Now I know what happened. But how to get a *free* > http proxy address? I searched on internet. It seems not easy find a > valid one. There are millions of http/https proxies out there. Try http://proxy.org/ as a starting point. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
Hi, after reading the new developments concerning the chinese GFW, I wonder what technically interested people or even people with server capabilities could do, to help fight censorship (besides running a TOR relay/node/exit/hidden service or some webproxy). Are there other services/systems someone could install/run to help people in China, Iran ... (or maybe even actively fight censorship) ? Niklas *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Bridges and China (new thread)
hi andrew, thanks a lot for your prompt reply. >In torrc, see >https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy. ok, got it, I prefer this way, thanks a lot. sincerely, frank 2010-05-27 - sender: andrew sending date: 2010-05-27 11:42:55 receiver: or-talk cc: subject: Re: Bridges and China (new thread) On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote 2.7K bytes in 67 lines about: : >I've been told if you search on baidu, you can find such bridge addresses. : >bridge addresses are being released by blog posts, BBS posts, qq, and ads on taobao. : then bad guys can get and block them too through baidu searching, : and more, qq is totally under control of bad guys, we can't trust qq, believe me, I know the truth. The point of releasing the bridge addresses this way is to see how long it takes to go from public publishing to blocking in the GFW. : >Tor supports 3rd party http/https proxies : could you kindly tell me how to use tor above 3rd party https/http proxies? what's the config? There are two ways to do this, through Vidalia or editing your torrc. In Vidalia, go to Settings, Network, and click "I use a proxy to access the Internet", then enter your proxy details. In torrc, see https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Bridges and China (new thread)
hi, andrew ##You will need an http proxy for doing GET requests to fetch the Tor directory, ##and you will need an https proxy for doing CONNECT requests to get to Tor relays. ##(It's fine if they're the same proxy.) #HttpProxy IP:port #HttpsProxy IP:port my question: why not put the tor directory server in https mode too? sincerely, frank 2010-05-27 - sender: andrew sending date: 2010-05-27 11:42:55 receiver: or-talk cc: subject: Re: Bridges and China (new thread) On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote 2.7K bytes in 67 lines about: : >I've been told if you search on baidu, you can find such bridge addresses. : >bridge addresses are being released by blog posts, BBS posts, qq, and ads on taobao. : then bad guys can get and block them too through baidu searching, : and more, qq is totally under control of bad guys, we can't trust qq, believe me, I know the truth. The point of releasing the bridge addresses this way is to see how long it takes to go from public publishing to blocking in the GFW. : >Tor supports 3rd party http/https proxies : could you kindly tell me how to use tor above 3rd party https/http proxies? what's the config? There are two ways to do this, through Vidalia or editing your torrc. In Vidalia, go to Settings, Network, and click "I use a proxy to access the Internet", then enter your proxy details. In torrc, see https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Bridges and China (new thread)
I am using the 3rd party http proxy now,and stop the proxy when tor start-up successfully . So i can use tor now. 在 2010年5月27日 下午12:36,frank 写道: > hi, andrew > > ##You will need an http proxy for doing GET requests to fetch the Tor > directory, > ##and you will need an https proxy for doing CONNECT requests to get to Tor > relays. > ##(It's fine if they're the same proxy.) > #HttpProxy IP:port > #HttpsProxy IP:port > > my question: > why not put the tor directory server in https mode too? > > sincerely, > > frank > 2010-05-27 > > - > sender: andrew > sending date: 2010-05-27 11:42:55 > receiver: or-talk > cc: > subject: Re: Bridges and China (new thread) > > On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote > 2.7K bytes in 67 lines about: > : >I've been told if you search on baidu, you can find such bridge > addresses. > : >bridge addresses are being released by blog posts, BBS posts, qq, and > ads on taobao. > : then bad guys can get and block them too through baidu searching, > : and more, qq is totally under control of bad guys, we can't trust qq, > believe me, I know the truth. > > The point of releasing the bridge addresses this way is to see how long > it takes to go from public publishing to blocking in the GFW. > > : >Tor supports 3rd party http/https proxies > : could you kindly tell me how to use tor above 3rd party https/http > proxies? what's the config? > > There are two ways to do this, through Vidalia or editing your torrc. > In Vidalia, go to Settings, Network, and click "I use a proxy to access > the Internet", then enter your proxy details. > > In torrc, see > > https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy > . > > -- > Andrew Lewman > The Tor Project > pgp 0x31B0974B > > Website: https://www.torproject.org/ > Blog: https://blog.torproject.org/ > Identi.ca: torproject > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > -- Dare
Re: Re: Bridges and China (new thread)
On Thu, May 27, 2010 at 12:36:51PM +0800, for.tor.bri...@gmail.com wrote 2.1K bytes in 57 lines about: : why not put the tor directory server in https mode too? Your client makes a 1-hop tunnel to the directory server if it needs to get the consensus file. You can read all about how Tor works by reading the spec files at https://gitweb.torproject.org/tor.git/tree/HEAD:/doc/spec -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Re: Bridges and China (new thread)
Dare, congratulations. :-) sincerely, frank 2010-05-27 - sender: Dare sending date: 2010-05-27 15:20:59 receiver: or-talk cc: subject: Re: Re: Bridges and China (new thread) I am using the 3rd party http proxy now,and stop the proxy when tor start-up successfully . So i can use tor now. 在 2010年5月27日 下午12:36,frank 写道: > hi, andrew > > ##You will need an http proxy for doing GET requests to fetch the Tor > directory, > ##and you will need an https proxy for doing CONNECT requests to get to Tor > relays. > ##(It's fine if they're the same proxy.) > #HttpProxy IP:port > #HttpsProxy IP:port > > my question: > why not put the tor directory server in https mode too? > > sincerely, > > frank > 2010-05-27 > > - > sender: andrew > sending date: 2010-05-27 11:42:55 > receiver: or-talk > cc: > subject: Re: Bridges and China (new thread) > > On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote > 2.7K bytes in 67 lines about: > : >I've been told if you search on baidu, you can find such bridge > addresses. > : >bridge addresses are being released by blog posts, BBS posts, qq, and > ads on taobao. > : then bad guys can get and block them too through baidu searching, > : and more, qq is totally under control of bad guys, we can't trust qq, > believe me, I know the truth. > > The point of releasing the bridge addresses this way is to see how long > it takes to go from public publishing to blocking in the GFW. > > : >Tor supports 3rd party http/https proxies > : could you kindly tell me how to use tor above 3rd party https/http > proxies? what's the config? > > There are two ways to do this, through Vidalia or editing your torrc. > In Vidalia, go to Settings, Network, and click "I use a proxy to access > the Internet", then enter your proxy details. > > In torrc, see > > https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy > . > > -- > Andrew Lewman > The Tor Project > pgp 0x31B0974B > > Website: https://www.torproject.org/ > Blog: https://blog.torproject.org/ > Identi.ca: torproject > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > -- Dare N�Р骒r��z千u┺�ē�茛j-⒑k�7���嗦+a�{.n�+�法�芝�)��骅w(m���j�!�鳜彪ア�?⒖�jY?
Re: Re: Re: Bridges and China (new thread)
Hi list, I also have this problem(bridges are blocked) and sent a mail several days ago. Now I know what happened. But how to get a *free* http proxy address? I searched on internet. It seems not easy find a valid one. Thanks! 在 2010年5月27日 下午4:25,frank 写道: > Dare, > > congratulations. :-) > > sincerely, > > frank > 2010-05-27 > > - > sender: Dare > sending date: 2010-05-27 15:20:59 > receiver: or-talk > cc: > subject: Re: Re: Bridges and China (new thread) > > I am using the 3rd party http proxy now,and stop the proxy when > tor start-up successfully . So i can use tor now. > > 在 2010年5月27日 下午12:36,frank 写道: > >> hi, andrew >> >> ##You will need an http proxy for doing GET requests to fetch the Tor >> directory, >> ##and you will need an https proxy for doing CONNECT requests to get to Tor >> relays. >> ##(It's fine if they're the same proxy.) >> #HttpProxy IP:port >> #HttpsProxy IP:port >> >> my question: >> why not put the tor directory server in https mode too? >> >> sincerely, >> >> frank >> 2010-05-27 >> >> ----- >> sender: andrew >> sending date: 2010-05-27 11:42:55 >> receiver: or-talk >> cc: >> subject: Re: Bridges and China (new thread) >> >> On Thu, May 27, 2010 at 11:21:50AM +0800, for.tor.bri...@gmail.com wrote >> 2.7K bytes in 67 lines about: >> : >I've been told if you search on baidu, you can find such bridge >> addresses. >> : >bridge addresses are being released by blog posts, BBS posts, qq, and >> ads on taobao. >> : then bad guys can get and block them too through baidu searching, >> : and more, qq is totally under control of bad guys, we can't trust qq, >> believe me, I know the truth. >> >> The point of releasing the bridge addresses this way is to see how long >> it takes to go from public publishing to blocking in the GFW. >> >> : >Tor supports 3rd party http/https proxies >> : could you kindly tell me how to use tor above 3rd party https/http >> proxies? what's the config? >> >> There are two ways to do this, through Vidalia or editing your torrc. >> In Vidalia, go to Settings, Network, and click "I use a proxy to access >> the Internet", then enter your proxy details. >> >> In torrc, see >> >> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyInternetconnectionrequiresanHTTPproxy >> . >> >> -- >> Andrew Lewman >> The Tor Project >> pgp 0x31B0974B >> >> Website: https://www.torproject.org/ >> Blog: https://blog.torproject.org/ >> Identi.ca: torproject >> *** >> To unsubscribe, send an e-mail to majord...@torproject.org with >> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ >> >> *** >> To unsubscribe, send an e-mail to majord...@torproject.org with >> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ >> > > > > -- > Dare > *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Re: Bridges and China (new thread)
thanks a lot for your kind help, andrew. sincerely, frank 2010-05-28 - sender: andrew sending date: 2010-05-27 19:35:14 receiver: or-talk cc: subject: Re: Re: Bridges and China (new thread) On Thu, May 27, 2010 at 12:36:51PM +0800, for.tor.bri...@gmail.com wrote 2.1K bytes in 57 lines about: : why not put the tor directory server in https mode too? Your client makes a 1-hop tunnel to the directory server if it needs to get the consensus file. You can read all about how Tor works by reading the spec files at https://gitweb.torproject.org/tor.git/tree/HEAD:/doc/spec -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Re: Re: Bridges and China (new thread)
Bad news,i can't connect tor now.I get a http proxy and it can be used at IE.But my tor can't use it, this is the log: 28 23:33:19.187 [Notice] Tor v0.2.1.26. This is experimental software. Do not rely on it for strong anonymity. (Running on Windows XP Service Pack 3 [workstation] {terminal services, single user}) 28 23:33:19.296 [Notice] Initialized libevent version 1.4.12-stable using method win32. Good. 28 23:33:19.296 [Notice] Opening Socks listener on 127.0.0.1:9050 28 23:33:19.296 [Notice] Opening Control listener on 127.0.0.1:9051 28 23:33:19.296 [Notice] Parsing GEOIP file. How can i fix it? 2010/5/28 frank > thanks a lot for your kind help, andrew. > > sincerely, > > frank > 2010-05-28 > > - > sender: andrew > sending date: 2010-05-27 19:35:14 > receiver: or-talk > cc: > subject: Re: Re: Bridges and China (new thread) > > On Thu, May 27, 2010 at 12:36:51PM +0800, for.tor.bri...@gmail.com wrote > 2.1K bytes in 57 lines about: > : why not put the tor directory server in https mode too? > > Your client makes a 1-hop tunnel to the directory server if it needs to > get the consensus file. > > You can read all about how Tor works by reading the spec files at > https://gitweb.torproject.org/tor.git/tree/HEAD:/doc/spec > > -- > Andrew Lewman > The Tor Project > pgp 0x31B0974B > > Website: https://www.torproject.org/ > Blog: https://blog.torproject.org/ > Identi.ca: torproject > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > -- Dare