#28526: Document how NGOs can run private obfs4 bridges, and get some doing it
----------------------------------+----------------------
     Reporter:  arma              |      Owner:  (none)
         Type:  project           |     Status:  assigned
     Priority:  Medium            |  Milestone:
    Component:  Webpages/Support  |    Version:
     Severity:  Normal            |   Keywords:  ux-team
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:  Sponsor19         |
----------------------------------+----------------------
 One of our eventual goals is to get bridgedb back on its feet, and using
 bridge distribution strategies that China can't defeat, but in the mean
 time we should document one approach that should still work: setting up
 your Tor Browser with a private (not publicized) tor bridge.

 In particular, we know many NGOs that would be happy to run unpublished
 obfs4 bridges for their people, and give them private bridge addresses
 when they visit China.

 There are several steps to following through with this idea.

 Round one (minimum viable approach):

 (1) Document for NGOs how to easily run a few private obfs4 bridges. I've
 seen some guides floating around but nothing both simple and obviously
 official.

 (2) Document for NGOs how they should get these bridge addresses to their
 users, and how the users should add them to Tor Browser. On Android it
 seems that Orbot hooks the "bridge://" url, so sending bridge addresses
 via signal, email, etc should work: the user clicks on the bridge address,
 which launches Orbot which adds that bridge to its configuration. Having
 docs for actual users, with screenshots and stuff, would be the clear next
 step. On desktop the interface choices are messier: see #28015.

 (3) Walk a few NGOs through the process from beginning to end, so we can
 confirm for ourselves that it works as intended, and so we can have a more
 direct connection to actual users to get feedback on all angles of the
 user experience.

 Round two (once we like round one):

 (4) Document for NGOs how to run a series of obfs4 bridges. This could
 start with one bridge address per computer, but the longer term answer is
 to have a single Tor client binding to many bridge addresses, maybe with
 help from the ISP to point these many bridge addresses to that Tor.

 (5) Understand if private bridges actually work in China. Apparently
 Lantern uses obfs4 and they don't get blocked by DPI, so that's a good
 start, but I've also heard stories of DPI-based throttling. In step 3
 above we'll get some anecdotal answers, but here we should design and
 deploy some recurring experiments from computers inside China that assess
 (a) connectivity, (b) whether it can bootstrap, and (c) throughput,
 through a private bridge.

 (6) We should invent and document some best practices for where NGOs ought
 to run their bridges, and how many bridges they need per user. At the
 extreme bad end of the spectrum, they would run one bridge and give it to
 all of the people attending a given training -- and in that case, apart
 from the obvious "what if one of the users is bad and gets the address
 blocked" worry, discovering some of the users could lead to discovering
 other related users. At the other end of the spectrum is one bridge (on
 its own separate ISP) per user. What are some acceptable solutions in
 between?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28526>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to