[tor-relays] Final Call: Last Opportunity to Participate in the Tor Update Survey - Closes Tomorrow!

[Meitong Wang via tor-relays]

Dear Tor Relay Operators,

We hope this email finds you well. This is our final outreach regarding the Tor 
Update Survey, and we want to extend a sincere thank you to those who have 
already participated. Your valuable contributions have been invaluable to our 
research project at the University of Edinburgh.

For those who haven't had the opportunity to take part yet, we wanted to remind 
you that the survey will be closing tomorrow, the 23rd of July. If you are 
interested in sharing your insights towards updates as a Tor relay operator, we 
kindly request you to participate now and make your voice heard.

Your participation in this survey is crucial for understanding the challenges 
and developments within the Tor network. Your responses will be treated with 
the utmost confidentiality, and all data will be anonymized to ensure your 
privacy.

Taking the survey will take approximately 10 minutes, and we genuinely 
appreciate the time and effort you invest in contributing to this research.

To participate, please click on the following link: 
https://cryptpad.fr/form/#/2/form/view/dvbbDORTjeztLzosbOuGVaRheI-FBjFh6xPQmT79cak/

Once again, we would like to express our gratitude for your interest and 
support in this project. Your input will contribute to the continued growth and 
improvement of the Tor network.

If you have already participated or are unable to participate at this time, we 
sincerely thank you for considering our invitation.

Should you have any questions or require further information, please do not 
hesitate to reach out to us.

Thank you, and we truly appreciate your attention to this matter.

Best regards,

Meitong Wang & Tariq Elahi
The University of Edinburgh is a charitable body, registered in Scotland, with 
registration number SC005336. Is e buidheann carthannais a th' ann an Oilthigh 
Dh?n ?ideann, cl?raichte an Alba, ?ireamh cl?raidh SC005336.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hi,

Great question. First, it is important to highlight that sometimes
censorship is not implemented uniformly across all ISPs in a country.
For example, see Tor Metrics in Russia:
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=ru=off
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=ru

And sometimes you'll find some interesting metrics anomalies, e.g., in
China:
- Vanilla Tor connections spikes:
  
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=cn=off
- Bridge users:
  
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=cn

Second, in Turkmenistan case, it appears that one ISP (AGTS) had different
censorship rules compared to their main ISP, Turkmentelecom. As a result,
AGTS clients were able to use tools like tor-relay-scanner[1] to find
unblocked Tor relays and use them as Tor "vanilla OR bridges" to bypass
the block.

But, this workaround was blocked in AGTS/Turkmenistan last week and it
is no longer effective.

Gus

[1] https://github.com/ValdikSS/tor-relay-scanner

On Sat, Jul 22, 2023 at 03:47:18PM +0200, telekobold wrote:
> Hi,
> 
> just a question out of interest: If there is such a massive blocking of Tor
> in Turkmenistan, how can it be that there seem to have been measured between
> 1500 and 1 direct connections with Tor from Turkmenistan this year [1]?
> The curve has had a very sharp drop to almost zero recently, but I would
> have expected it to be close to zero all along given the reports.
> 
> The number of clients directly connected to Tor seems to be even comparable
> to the number of clients connected via bridges for the last months [2].
> 
> Kind regards
> telekobold
> 
> [1] 
> https://metrics.torproject.org/userstats-relay-country.html?start=2023-01-01=2023-07-22=tm
> [2] 
> https://metrics.torproject.org/userstats-bridge-country.html?start=2023-01-01=2023-07-22=tm
> 
> On 21.07.23 18:07, gus wrote:
> > Hi,
> > 
> > New update: In the last few weeks, internal political conflicts and
> > other events[1] in Turkmenistan have led to another wave of censorship
> > on Tor and anti-censorship tools. Tor bridges have been one of the few
> > free alternatives for people in Turkmenistan to connect with the world
> > and access the open Internet.
> > 
> > If you have access to an IP range that has never seen the light of day,
> > a stable residential connection, or access to your university network,
> > you can help thousands of people connect to the internet in
> > Turkmenistan.
> > 
> > Tor bridges running on residential connections, on dynamic IPv4 address,
> > or on unblocked IP ranges are effective, but are regularly discovered
> > and blocked by censors, thus making us to call for new bridges. These
> > bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
> > the example of torrc for your bridge. If it's your first time running a
> > bridge, please follow our official guide:
> > .
> > 
> > Finding an IP range that is unblocked-in the country is not easy.
> > However, bridges in universities and IP ranges in US have been of great
> > help to people in Turkmenistan.
> > Please note that it's not possible to run IPv6-only bridges and
> > Turkmenistan has a very small adoption of IPv6.
> > 
> > If you run a bridge to help people in Turkmenistan, send your bridge
> > line to frontd...@torproject.org. We will share your bridge with people
> > that really need it!
> > 
> > A bridge line is composed of:
> > 
> > IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> > 
> > If you need help to build your bridge line, please check the official
> > guide: https://community.torproject.org/relay/setup/bridge/post-install/
> > 
> > ## Other Pluggable Transports
> > 
> > - Snowflake has been blocked in the country since 2021:
> >  - STUN servers are running on blocked IP ranges
> >  - When we found an available STUN server, it didn't find a proxy to
> >match (probably because of the TM's IP range rules). For more
> > information, see this ticket[2].
> > 
> > - Meek[3] (domain fronting) is one of the few techniques that
> >consistently works, but with reduced speed. While there is a dedicated
> > bridge for TM, its cost is high.
> > 
> > - Conjure[4] was successfully tested, but more development hours are
> >still needed for its maintenance and stabilization. Currently it is
> > only available on Tor Browser Alpha and some other Tor powered apps.
> > 
> > - WebTunnel[5] could potentially work, but like obfs4 bridges, it
> >depends on whether the website is hosted on an IP range that is not
> > blocked in Turkmenistan.
> > 
> > ## Research and other resources
> > 
> > If you would like to learn more about censorship in Turkmenistan,
> > ntc.party is a great resource (posts in Russian):
> > 

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[telekobold]

Hi,

just a question out of interest: If there is such a massive blocking of 
Tor in Turkmenistan, how can it be that there seem to have been measured 
between 1500 and 1 direct connections with Tor from Turkmenistan 
this year [1]? The curve has had a very sharp drop to almost zero 
recently, but I would have expected it to be close to zero all along 
given the reports.


The number of clients directly connected to Tor seems to be even 
comparable to the number of clients connected via bridges for the last 
months [2].


Kind regards
telekobold

[1] 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-01-01=2023-07-22=tm
[2] 
https://metrics.torproject.org/userstats-bridge-country.html?start=2023-01-01=2023-07-22=tm


On 21.07.23 18:07, gus wrote:

Hi,

New update: In the last few weeks, internal political conflicts and
other events[1] in Turkmenistan have led to another wave of censorship
on Tor and anti-censorship tools. Tor bridges have been one of the few
free alternatives for people in Turkmenistan to connect with the world
and access the open Internet.

If you have access to an IP range that has never seen the light of day,
a stable residential connection, or access to your university network,
you can help thousands of people connect to the internet in
Turkmenistan.

Tor bridges running on residential connections, on dynamic IPv4 address,
or on unblocked IP ranges are effective, but are regularly discovered
and blocked by censors, thus making us to call for new bridges. These
bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
the example of torrc for your bridge. If it's your first time running a
bridge, please follow our official guide:
.

Finding an IP range that is unblocked-in the country is not easy.
However, bridges in universities and IP ranges in US have been of great
help to people in Turkmenistan.
Please note that it's not possible to run IPv6-only bridges and
Turkmenistan has a very small adoption of IPv6.

If you run a bridge to help people in Turkmenistan, send your bridge
line to frontd...@torproject.org. We will share your bridge with people
that really need it!

A bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

If you need help to build your bridge line, please check the official
guide: https://community.torproject.org/relay/setup/bridge/post-install/

## Other Pluggable Transports

- Snowflake has been blocked in the country since 2021:
 - STUN servers are running on blocked IP ranges
 - When we found an available STUN server, it didn't find a proxy to
   match (probably because of the TM's IP range rules). For more
information, see this ticket[2].

- Meek[3] (domain fronting) is one of the few techniques that
   consistently works, but with reduced speed. While there is a dedicated
bridge for TM, its cost is high.

- Conjure[4] was successfully tested, but more development hours are
   still needed for its maintenance and stabilization. Currently it is
only available on Tor Browser Alpha and some other Tor powered apps.

- WebTunnel[5] could potentially work, but like obfs4 bridges, it
   depends on whether the website is hosted on an IP range that is not
blocked in Turkmenistan.

## Research and other resources

If you would like to learn more about censorship in Turkmenistan,
ntc.party is a great resource (posts in Russian):
https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17

And this paper (2023) about measuring Internet censorship in TM:

"Measuring and Evading Turkmenistan's Internet Censorship: A Case Study
in Large-Scale Measurements of a Low-Penetration Country" (Sadia Nourin,
Van Tran, Xi Jiang, Kevin Bock, Nick Feamster, Nguyen Phong Hoang, Dave
Levin) 2023-04-17
https://arxiv.org/abs/2304.04835
https://tmc.np-tokumei.net/

## Tor metrics

You can follow a rough estimate of Tor usage in Turkmenistan here:
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-21=2023-07-20=tm
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-21=2023-07-20=tm=off

## torrc example

BridgeRelay 1
ORPort 127.0.0.1:auto
AssumeReachable 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtORPort auto
Nickname helptm
ContactInfo 
Log notice file /var/log/tor/notices.log
# If you set BridgeDistribution none, please remember to email
# your bridge line to us: frontd...@torproject.org
BridgeDistribution none

Thank you,
Gus

Notes

[1]
https://www.rferl.org/a/turkmenistan-top-officials-fired/32507072.html
https://www.reuters.com/world/asia-pacific/turkmenistan-opens-futuristic-city-dedicated-leader-2023-06-29/
[2]
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
[3]
https://metrics.torproject.org/rs.html#details/A77AB4544CEB3AB8155FC5D18E69651BD31596F2
[4]