Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Gary C. New via tor-relays]

On Wednesday, August 2, 2023, 10:09:06 AM MDT, meskio  
wrote:
 
 > Quoting li...@for-privacy.net (2023-08-02 17:13:53)
> > On Dienstag, 1. August 2023 23:22:12 CEST Gary C. New via tor-relays wrote:
> > > On Tuesday, August 1, 2023, 10:54:40 AM MDT,  
>wrote:
> > > 
> > >  On Montag, 31. Juli 2023 23:06:54 CEST Gary C. New via tor-relays wrote:
> > > >> Please let me know, if you are able to get the OBFS4
>> > >> bridge working without exposing the ORPort. Respectfully,
> > > >
> > > > Yes, that's working
> > > 
> > > Great News!
>> > 
> > > > == Announcements ==
>> > > rdsys is ignoring the running flag now :)
> > > > * To hide your bridge's ORPort:
> > > > ORPort 127.0.0.1:auto>
> > > > AssumeReachable 1
>
> Yes, as mentioned not publishing the OrPort is supported. But we haven't 
> mentioned it much around. We have an issue where we are discussing if 
>changing 
> our documentation to recommend doing that:
>  https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129

Excellent! I will follow Issue #129 to confirm everything is working as 
expected, prior to making changes to my bridges.
Thanks for the update.

Gary  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[meskio]

Quoting li...@for-privacy.net (2023-08-02 17:13:53)
> On Dienstag, 1. August 2023 23:22:12 CEST Gary C. New via tor-relays wrote:
> > On Tuesday, August 1, 2023, 10:54:40 AM MDT,  wrote:
> > 
> >  On Montag, 31. Juli 2023 23:06:54 CEST Gary C. New via tor-relays wrote:
> > >> Please let me know, if you are able to get the OBFS4
> > >> bridge working without exposing the ORPort. Respectfully,
> > >
> > > Yes, that's working
> > 
> > Great News!
> > 
> > > == Announcements ==
> > > rdsys is ignoring the running flag now :)
> > > * To hide your bridge's ORPort:
> > > ORPort 127.0.0.1:auto>
> > > AssumeReachable 1

Yes, as mentioned not publishing the OrPort is supported. But we haven't 
mentioned it much around. We have an issue where we are discussing if changing 
our documentation to recommend doing that:
  https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Dienstag, 1. August 2023 23:22:12 CEST Gary C. New via tor-relays wrote:

> The failure logs and metrics are going to be confusing to new obfsbridge
> operators. I suppose documenting this on the obfsbridge setup page will
> have to be sufficient in the interim; along, with pointing them to the
> bridgedb metrics page.

regarding this, Meskio just created an isue
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Dienstag, 1. August 2023 23:22:12 CEST Gary C. New via tor-relays wrote:
> On Tuesday, August 1, 2023, 10:54:40 AM MDT,  wrote:
> 
>  On Montag, 31. Juli 2023 23:06:54 CEST Gary C. New via tor-relays wrote:
> >> Please let me know, if you are able to get the OBFS4
> >> bridge working without exposing the ORPort. Respectfully,
> >
> > Yes, that's working
> 
> Great News!
> 
> > == Announcements ==
> > rdsys is ignoring the running flag now :)
> > * To hide your bridge's ORPort:
> > ORPort 127.0.0.1:auto>
> > AssumeReachable 1
> 
> Per Roger's comment in the Issue, it sounds like I can simply firewall
> incoming connections to the ORPort and add the AssumeReachable 1 directive
> to the torrc? Is that correct?
I am currently forwarding OBFS4 port and ORPort on my router. At the moment it 
is more important that I find an IP with Gus that can be reached from 
Turkmenistan. At the weekend I will test with unused bridges whether the 
ORPort is needed or not.

> > The previously mentioned logs and the Tor metrics showing the bridge as
> >offline can be ignored.

> The failure logs and metrics are going to be confusing to new obfsbridge
> operators. I suppose documenting this on the obfsbridge setup page will
> have to be sufficient in the interim; along, with pointing them to the
> bridgedb metrics page.

We should note that this is a new feature which has yet to be tested.

Gus wrote to me:
"But, it's still a new feature and I don't know if it will break something.
Can you check if the number of connections/users drops and if bridgeDB
assign your bridge to a new distribution method? Let me know if
something breaks!"


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Gary C. New via tor-relays]

On Tuesday, August 1, 2023, 10:54:40 AM MDT,  wrote:
 
 On Montag, 31. Juli 2023 23:06:54 CEST Gary C. New via tor-relays wrote:

>> Please let me know, if you are able to get the OBFS4
>> bridge working without exposing the ORPort. Respectfully,
> Yes, that's working

Great News!

> == Announcements ==
> rdsys is ignoring the running flag now :)
> * To hide your bridge's ORPort:
> ORPort 127.0.0.1:auto>
> AssumeReachable 1
Per Roger's comment in the Issue, it sounds like I can simply firewall incoming 
connections to the ORPort and add the AssumeReachable 1 directive to the torrc? 
Is that correct?

> The previously mentioned logs and the Tor metrics showing the bridge as 
>offline can be ignored.
The failure logs and metrics are going to be confusing to new obfsbridge 
operators. I suppose documenting this on the obfsbridge setup page will have to 
be sufficient in the interim; along, with pointing them to the bridgedb metrics 
page.


https://bridges.torproject.org/status?id=E6709F6130C61638400F27FAC6358E3412790F72
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Toralf Förster]

On 8/1/23 19:38, li...@for-privacy.net wrote:

Yes ;-)

cool - this simplifies my Ansible role (I randomly choosed an ORPort
between 30K and 62K)


Unfortunately, they come every 1-2 hours

np - I'll ignore that

Thx !
--
Toralf

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Dienstag, 1. August 2023 19:21:08 CEST Toralf Förster wrote:
> On 8/1/23 18:54, li...@for-privacy.net wrote:
> 
> > == Announcements ==
> > rdsys is ignoring the running flag now :)
> > * To hide your bridge's ORPort:
> > ORPort 127.0.0.1:auto
> > AssumeReachable 1
> 
> 
> I do assume I can ignore this log message ? :

Yes ;-)
Unfortunately, they come every 1-2 hours

>   "Aug 01 17:18:19.000 [warn] The IPv4 ORPort address 127.0.0.1 does not 
> match the descriptor address . If you have a static public IPv4 
> address, use 'Address ' and 'OutboundBindAddress '. If you 
> are behind a NAT, use two ORPort lines: 'ORPort  NoListen' 
> and 'ORPort  NoAdvertise'.",


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Toralf Förster]

On 8/1/23 18:54, li...@for-privacy.net wrote:

== Announcements ==
rdsys is ignoring the running flag now :)
* To hide your bridge's ORPort:
ORPort 127.0.0.1:auto
AssumeReachable 1


I do assume I can ignore this log message ? :

 "Aug 01 17:18:19.000 [warn] The IPv4 ORPort address 127.0.0.1 does not 
match the descriptor address . If you have a static public IPv4 
address, use 'Address ' and 'OutboundBindAddress '. If you 
are behind a NAT, use two ORPort lines: 'ORPort  NoListen' 
and 'ORPort  NoAdvertise'.",


--
Toralf



OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Montag, 31. Juli 2023 23:06:54 CEST Gary C. New via tor-relays wrote:

> Please let me know, if you are able to get the OBFS4
> bridge working without exposing the ORPort. Respectfully,
Yes, that's working

All Info about this new feature:
Anti-censorship team meeting notes, 2023-06-29
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470
https://lists.torproject.org/pipermail/tor-project/2023-June/003642.html

== Announcements ==
rdsys is ignoring the running flag now :)
* To hide your bridge's ORPort:
ORPort 127.0.0.1:auto
AssumeReachable 1

The previously mentioned logs and the Tor metrics showing the bridge as offline 
can be ignored.
https://metrics.torproject.org/rs.html#details/E6709F6130C61638400F27FAC6358E3412790F72

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Gary C. New via tor-relays]

On Monday, July 31, 2023, 2:11:52 PM MDT, li...@for-privacy.net 
 wrote:
 
 > On Montag, 31. Juli 2023 00:55:15 CEST Gary C. New via tor-relays wrote:

> > On Sunday, July 30, 2023, 3:30:55 PM MDT, li...@for-privacy.net  wrote:
> > > I don't know if I should ignore that or better configure it that >way:
> > > ORPort 127.0.0.1:8443 NoListen
> > > ORPort 8443 NoAdvertise
> > > ORPort [::1]:8443 NoListen
> > > ORPort 8443 NoAdvertise
> > 
> > Other way around:
> > ORPort 8443 NoListen
> > ORPort 127.0.0.1:8443 NoAdvertise
>
> Uh thanks, Gus replied me PM 'I can just ignore the logs' and bridge is 
> running with:>
> ORPort 127.0.0.1:8443>
> AssumeReachable 1
>
> But I want to test the new obfsbridges future 'only expose obfsports and not 
> ORPort' next days with different configs. You saved me from a stupid pitfall 
>;-)

When I configured my first OBFS4 bridge, I was also interested in only exposing 
the OBFS4 port. However, I was told that the ORPort must be accessable for the 
OBFS4 bridge to work.
I ended up mirroring many OBFS4 ports on the same IPv4 Address as the ORPort to 
obscure the ORPort among the many OBFS4 ports.
Please let me know, if you are able to get the OBFS4 bridge working without 
exposing the ORPort.
Respectfully,

Gary  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Montag, 31. Juli 2023 00:55:15 CEST Gary C. New via tor-relays wrote:
> On Sunday, July 30, 2023, 3:30:55 PM MDT, li...@for-privacy.net  wrote:
> > I don't know if I should ignore that or better configure it that >way:
> > ORPort 127.0.0.1:8443 NoListen
> > ORPort 8443 NoAdvertise
> > ORPort [::1]:8443 NoListen
> > ORPort 8443 NoAdvertise
> 
> Other way around:
> ORPort 8443 NoListen
> ORPort 127.0.0.1:8443 NoAdvertise

Uh thanks, Gus replied me PM 'I can just ignore the logs' and bridge is 
running with:
ORPort 127.0.0.1:8443
AssumeReachable 1

But I want to test the new obfsbridges future 'only expose obfsports and not 
ORPort' next days with different configs. You saved me from a stupid pitfall ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Gary C. New via tor-relays]

On Sunday, July 30, 2023, 3:30:55 PM MDT, li...@for-privacy.net 
 wrote:
 

> I don't know if I should ignore that or better configure it that >way:
> ORPort 127.0.0.1:8443 NoListen
> ORPort 8443 NoAdvertise
> ORPort [::1]:8443 NoListen
> ORPort 8443 NoAdvertise

Other way around:
ORPort 8443 NoListen
ORPort 127.0.0.1:8443 NoAdvertise  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[lists]

On Freitag, 21. Juli 2023 18:07:35 CEST gus wrote:

> New update: In the last few weeks, internal political conflicts and
> other events[1] in Turkmenistan have led to another wave of censorship
> on Tor and anti-censorship tools. Tor bridges have been one of the few
> free alternatives for people in Turkmenistan to connect with the world
> and access the open Internet.
> 

I stopped snowflake and now a bridge is running on my dynIP.

> 
> ## torrc example
> 
> BridgeRelay 1
> ORPort 127.0.0.1:auto
> AssumeReachable 1
> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> ServerTransportListenAddr obfs4 0.0.0.0:8080
> ExtORPort auto
> Nickname helptm
> ContactInfo 
> Log notice file /var/log/tor/notices.log
> # If you set BridgeDistribution none, please remember to email
> # your bridge line to us: frontd...@torproject.org
> BridgeDistribution none

But I have that in the log :-(
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv4 ORPort address 127.0.0.1 does not 
match the descriptor address  203.0.113.18. If you have a static public IPv4 
address, use 'Address ' and 'OutboundBindAddress '. If you are 
behind a NAT, use two ORPort lines: 'ORPort  NoListen' and 'ORPort 
 NoAdvertise'.
Jul 30 16:48:29 t520 Tor-01[93466]: The IPv6 ORPort address ::1 does not match 
the descriptor address 2001:db8:1234:1::::. If you have a 
static public IPv4 address, use 'Address ' and 'OutboundBindAddress 
'. If you are behind a NAT, use two ORPort lines: 'ORPort  
NoListen' and 'ORPort  NoAdvertise'.

I don't know if I should ignore that or better configure it that way:
ORPort 127.0.0.1:8443 NoListen
ORPort 8443 NoAdvertise
ORPort [::1]:8443 NoListen
ORPort 8443 NoAdvertise

I'm aware of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40208
I hope to get it done with scipting on my Mikrotik, or switch to ipv4 only.

frontd...@torproject.org has no PGP key, can I send you or meskio the 
bridgeline?

Bridgeline must be:
Bridge obfs4 :  cert=abra+kadabra iat-mode=0
But DynIP changes every few days. Do you also give the bridge users 
myrouter.example.net?

Because of your post in the forum:
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470
should we do this with all running bridges, or only the hidden ones?

-- 
Ciao Marco!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[tor-opera...@urdn.com.ua]

gus  wrote:

> Second, in Turkmenistan case, it appears that one ISP (AGTS) had
> different censorship rules compared to their main ISP,
> Turkmentelecom.

That's not possible because AGTS is entirely hosted by TurkmenTelecom.
This is different from PRC China where they have 3 operators with
different networks thus having each their censorship.

It also cannot be compared with Russia, because until 10 years ago, the
Internet in Russia was totally free, this enabled decentralization and
rapid deployment. Thanks to this, the government still does not have a
single button to press to shut everything down, and censorship is
implemented differently by each operator. In Turkmenistan, such
development was never possible.

Sometimes, the filtering seems lighter in Turkmeninstan, and the
reason is that TurkmenTelecom sucks at censorship. Turkmenistan does
not even maintain a blacklist, they maintain a whitelist, that is,
everything is blocked but what's on the list.
The result is that people can't even update software, things start to
break and then they are forced to lift the filtering up a little bit
which sometimes result in making bootstrapping Tor possible.

Also, when there is an event such as an election, they simply disconnect
everything. Therefore, running bridges and relays won't help,
sadly.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[telekobold]

Hi Gus,

thank you for the clarification.

Kind regards
telekobold

On 22.07.23 17:12, gus wrote:

Hi,

Great question. First, it is important to highlight that sometimes
censorship is not implemented uniformly across all ISPs in a country.
For example, see Tor Metrics in Russia:
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=ru=off
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=ru

And sometimes you'll find some interesting metrics anomalies, e.g., in
China:
- Vanilla Tor connections spikes:
   
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=cn=off
- Bridge users:
   
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=cn

Second, in Turkmenistan case, it appears that one ISP (AGTS) had different
censorship rules compared to their main ISP, Turkmentelecom. As a result,
AGTS clients were able to use tools like tor-relay-scanner[1] to find
unblocked Tor relays and use them as Tor "vanilla OR bridges" to bypass
the block.

But, this workaround was blocked in AGTS/Turkmenistan last week and it
is no longer effective.

Gus

[1] https://github.com/ValdikSS/tor-relay-scanner

On Sat, Jul 22, 2023 at 03:47:18PM +0200, telekobold wrote:

Hi,

just a question out of interest: If there is such a massive blocking of Tor
in Turkmenistan, how can it be that there seem to have been measured between
1500 and 1 direct connections with Tor from Turkmenistan this year [1]?
The curve has had a very sharp drop to almost zero recently, but I would
have expected it to be close to zero all along given the reports.

The number of clients directly connected to Tor seems to be even comparable
to the number of clients connected via bridges for the last months [2].

Kind regards
telekobold

[1] 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-01-01=2023-07-22=tm
[2] 
https://metrics.torproject.org/userstats-bridge-country.html?start=2023-01-01=2023-07-22=tm

On 21.07.23 18:07, gus wrote:

Hi,

New update: In the last few weeks, internal political conflicts and
other events[1] in Turkmenistan have led to another wave of censorship
on Tor and anti-censorship tools. Tor bridges have been one of the few
free alternatives for people in Turkmenistan to connect with the world
and access the open Internet.

If you have access to an IP range that has never seen the light of day,
a stable residential connection, or access to your university network,
you can help thousands of people connect to the internet in
Turkmenistan.

Tor bridges running on residential connections, on dynamic IPv4 address,
or on unblocked IP ranges are effective, but are regularly discovered
and blocked by censors, thus making us to call for new bridges. These
bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
the example of torrc for your bridge. If it's your first time running a
bridge, please follow our official guide:
.

Finding an IP range that is unblocked-in the country is not easy.
However, bridges in universities and IP ranges in US have been of great
help to people in Turkmenistan.
Please note that it's not possible to run IPv6-only bridges and
Turkmenistan has a very small adoption of IPv6.

If you run a bridge to help people in Turkmenistan, send your bridge
line to frontd...@torproject.org. We will share your bridge with people
that really need it!

A bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

If you need help to build your bridge line, please check the official
guide: https://community.torproject.org/relay/setup/bridge/post-install/

## Other Pluggable Transports

- Snowflake has been blocked in the country since 2021:
  - STUN servers are running on blocked IP ranges
  - When we found an available STUN server, it didn't find a proxy to
match (probably because of the TM's IP range rules). For more
information, see this ticket[2].

- Meek[3] (domain fronting) is one of the few techniques that
consistently works, but with reduced speed. While there is a dedicated
bridge for TM, its cost is high.

- Conjure[4] was successfully tested, but more development hours are
still needed for its maintenance and stabilization. Currently it is
only available on Tor Browser Alpha and some other Tor powered apps.

- WebTunnel[5] could potentially work, but like obfs4 bridges, it
depends on whether the website is hosted on an IP range that is not
blocked in Turkmenistan.

## Research and other resources

If you would like to learn more about censorship in Turkmenistan,
ntc.party is a great resource (posts in Russian):
https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17

And this paper (2023) about measuring Internet censorship in TM:

"Measuring and Evading Turkmenistan's Internet Censorship: A Case Study
in 

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hi,

Great question. First, it is important to highlight that sometimes
censorship is not implemented uniformly across all ISPs in a country.
For example, see Tor Metrics in Russia:
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=ru=off
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=ru

And sometimes you'll find some interesting metrics anomalies, e.g., in
China:
- Vanilla Tor connections spikes:
  
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-23=2023-07-22=cn=off
- Bridge users:
  
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-23=2023-07-22=cn

Second, in Turkmenistan case, it appears that one ISP (AGTS) had different
censorship rules compared to their main ISP, Turkmentelecom. As a result,
AGTS clients were able to use tools like tor-relay-scanner[1] to find
unblocked Tor relays and use them as Tor "vanilla OR bridges" to bypass
the block.

But, this workaround was blocked in AGTS/Turkmenistan last week and it
is no longer effective.

Gus

[1] https://github.com/ValdikSS/tor-relay-scanner

On Sat, Jul 22, 2023 at 03:47:18PM +0200, telekobold wrote:
> Hi,
> 
> just a question out of interest: If there is such a massive blocking of Tor
> in Turkmenistan, how can it be that there seem to have been measured between
> 1500 and 1 direct connections with Tor from Turkmenistan this year [1]?
> The curve has had a very sharp drop to almost zero recently, but I would
> have expected it to be close to zero all along given the reports.
> 
> The number of clients directly connected to Tor seems to be even comparable
> to the number of clients connected via bridges for the last months [2].
> 
> Kind regards
> telekobold
> 
> [1] 
> https://metrics.torproject.org/userstats-relay-country.html?start=2023-01-01=2023-07-22=tm
> [2] 
> https://metrics.torproject.org/userstats-bridge-country.html?start=2023-01-01=2023-07-22=tm
> 
> On 21.07.23 18:07, gus wrote:
> > Hi,
> > 
> > New update: In the last few weeks, internal political conflicts and
> > other events[1] in Turkmenistan have led to another wave of censorship
> > on Tor and anti-censorship tools. Tor bridges have been one of the few
> > free alternatives for people in Turkmenistan to connect with the world
> > and access the open Internet.
> > 
> > If you have access to an IP range that has never seen the light of day,
> > a stable residential connection, or access to your university network,
> > you can help thousands of people connect to the internet in
> > Turkmenistan.
> > 
> > Tor bridges running on residential connections, on dynamic IPv4 address,
> > or on unblocked IP ranges are effective, but are regularly discovered
> > and blocked by censors, thus making us to call for new bridges. These
> > bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
> > the example of torrc for your bridge. If it's your first time running a
> > bridge, please follow our official guide:
> > .
> > 
> > Finding an IP range that is unblocked-in the country is not easy.
> > However, bridges in universities and IP ranges in US have been of great
> > help to people in Turkmenistan.
> > Please note that it's not possible to run IPv6-only bridges and
> > Turkmenistan has a very small adoption of IPv6.
> > 
> > If you run a bridge to help people in Turkmenistan, send your bridge
> > line to frontd...@torproject.org. We will share your bridge with people
> > that really need it!
> > 
> > A bridge line is composed of:
> > 
> > IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> > 
> > If you need help to build your bridge line, please check the official
> > guide: https://community.torproject.org/relay/setup/bridge/post-install/
> > 
> > ## Other Pluggable Transports
> > 
> > - Snowflake has been blocked in the country since 2021:
> >  - STUN servers are running on blocked IP ranges
> >  - When we found an available STUN server, it didn't find a proxy to
> >match (probably because of the TM's IP range rules). For more
> > information, see this ticket[2].
> > 
> > - Meek[3] (domain fronting) is one of the few techniques that
> >consistently works, but with reduced speed. While there is a dedicated
> > bridge for TM, its cost is high.
> > 
> > - Conjure[4] was successfully tested, but more development hours are
> >still needed for its maintenance and stabilization. Currently it is
> > only available on Tor Browser Alpha and some other Tor powered apps.
> > 
> > - WebTunnel[5] could potentially work, but like obfs4 bridges, it
> >depends on whether the website is hosted on an IP range that is not
> > blocked in Turkmenistan.
> > 
> > ## Research and other resources
> > 
> > If you would like to learn more about censorship in Turkmenistan,
> > ntc.party is a great resource (posts in Russian):
> > 

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[telekobold]

Hi,

just a question out of interest: If there is such a massive blocking of 
Tor in Turkmenistan, how can it be that there seem to have been measured 
between 1500 and 1 direct connections with Tor from Turkmenistan 
this year [1]? The curve has had a very sharp drop to almost zero 
recently, but I would have expected it to be close to zero all along 
given the reports.


The number of clients directly connected to Tor seems to be even 
comparable to the number of clients connected via bridges for the last 
months [2].


Kind regards
telekobold

[1] 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-01-01=2023-07-22=tm
[2] 
https://metrics.torproject.org/userstats-bridge-country.html?start=2023-01-01=2023-07-22=tm


On 21.07.23 18:07, gus wrote:

Hi,

New update: In the last few weeks, internal political conflicts and
other events[1] in Turkmenistan have led to another wave of censorship
on Tor and anti-censorship tools. Tor bridges have been one of the few
free alternatives for people in Turkmenistan to connect with the world
and access the open Internet.

If you have access to an IP range that has never seen the light of day,
a stable residential connection, or access to your university network,
you can help thousands of people connect to the internet in
Turkmenistan.

Tor bridges running on residential connections, on dynamic IPv4 address,
or on unblocked IP ranges are effective, but are regularly discovered
and blocked by censors, thus making us to call for new bridges. These
bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
the example of torrc for your bridge. If it's your first time running a
bridge, please follow our official guide:
.

Finding an IP range that is unblocked-in the country is not easy.
However, bridges in universities and IP ranges in US have been of great
help to people in Turkmenistan.
Please note that it's not possible to run IPv6-only bridges and
Turkmenistan has a very small adoption of IPv6.

If you run a bridge to help people in Turkmenistan, send your bridge
line to frontd...@torproject.org. We will share your bridge with people
that really need it!

A bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

If you need help to build your bridge line, please check the official
guide: https://community.torproject.org/relay/setup/bridge/post-install/

## Other Pluggable Transports

- Snowflake has been blocked in the country since 2021:
 - STUN servers are running on blocked IP ranges
 - When we found an available STUN server, it didn't find a proxy to
   match (probably because of the TM's IP range rules). For more
information, see this ticket[2].

- Meek[3] (domain fronting) is one of the few techniques that
   consistently works, but with reduced speed. While there is a dedicated
bridge for TM, its cost is high.

- Conjure[4] was successfully tested, but more development hours are
   still needed for its maintenance and stabilization. Currently it is
only available on Tor Browser Alpha and some other Tor powered apps.

- WebTunnel[5] could potentially work, but like obfs4 bridges, it
   depends on whether the website is hosted on an IP range that is not
blocked in Turkmenistan.

## Research and other resources

If you would like to learn more about censorship in Turkmenistan,
ntc.party is a great resource (posts in Russian):
https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17

And this paper (2023) about measuring Internet censorship in TM:

"Measuring and Evading Turkmenistan's Internet Censorship: A Case Study
in Large-Scale Measurements of a Low-Penetration Country" (Sadia Nourin,
Van Tran, Xi Jiang, Kevin Bock, Nick Feamster, Nguyen Phong Hoang, Dave
Levin) 2023-04-17
https://arxiv.org/abs/2304.04835
https://tmc.np-tokumei.net/

## Tor metrics

You can follow a rough estimate of Tor usage in Turkmenistan here:
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-21=2023-07-20=tm
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-21=2023-07-20=tm=off

## torrc example

BridgeRelay 1
ORPort 127.0.0.1:auto
AssumeReachable 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtORPort auto
Nickname helptm
ContactInfo 
Log notice file /var/log/tor/notices.log
# If you set BridgeDistribution none, please remember to email
# your bridge line to us: frontd...@torproject.org
BridgeDistribution none

Thank you,
Gus

Notes

[1]
https://www.rferl.org/a/turkmenistan-top-officials-fired/32507072.html
https://www.reuters.com/world/asia-pacific/turkmenistan-opens-futuristic-city-dedicated-leader-2023-06-29/
[2]
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
[3]
https://metrics.torproject.org/rs.html#details/A77AB4544CEB3AB8155FC5D18E69651BD31596F2
[4]

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hi,

New update: In the last few weeks, internal political conflicts and
other events[1] in Turkmenistan have led to another wave of censorship
on Tor and anti-censorship tools. Tor bridges have been one of the few
free alternatives for people in Turkmenistan to connect with the world
and access the open Internet.

If you have access to an IP range that has never seen the light of day,
a stable residential connection, or access to your university network,
you can help thousands of people connect to the internet in
Turkmenistan.

Tor bridges running on residential connections, on dynamic IPv4 address,
or on unblocked IP ranges are effective, but are regularly discovered
and blocked by censors, thus making us to call for new bridges. These
bridges must run on specific obfs4 ports: 80, 8080, or 443. See below
the example of torrc for your bridge. If it's your first time running a
bridge, please follow our official guide:
.

Finding an IP range that is unblocked-in the country is not easy.
However, bridges in universities and IP ranges in US have been of great
help to people in Turkmenistan.
Please note that it's not possible to run IPv6-only bridges and
Turkmenistan has a very small adoption of IPv6. 

If you run a bridge to help people in Turkmenistan, send your bridge
line to frontd...@torproject.org. We will share your bridge with people
that really need it!

A bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

If you need help to build your bridge line, please check the official
guide: https://community.torproject.org/relay/setup/bridge/post-install/

## Other Pluggable Transports

- Snowflake has been blocked in the country since 2021:
- STUN servers are running on blocked IP ranges
- When we found an available STUN server, it didn't find a proxy to
  match (probably because of the TM's IP range rules). For more
information, see this ticket[2].

- Meek[3] (domain fronting) is one of the few techniques that
  consistently works, but with reduced speed. While there is a dedicated
bridge for TM, its cost is high.

- Conjure[4] was successfully tested, but more development hours are
  still needed for its maintenance and stabilization. Currently it is
only available on Tor Browser Alpha and some other Tor powered apps. 

- WebTunnel[5] could potentially work, but like obfs4 bridges, it
  depends on whether the website is hosted on an IP range that is not
blocked in Turkmenistan.

## Research and other resources

If you would like to learn more about censorship in Turkmenistan,
ntc.party is a great resource (posts in Russian):
https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17

And this paper (2023) about measuring Internet censorship in TM:

"Measuring and Evading Turkmenistan's Internet Censorship: A Case Study
in Large-Scale Measurements of a Low-Penetration Country" (Sadia Nourin,
Van Tran, Xi Jiang, Kevin Bock, Nick Feamster, Nguyen Phong Hoang, Dave
Levin) 2023-04-17 
https://arxiv.org/abs/2304.04835
https://tmc.np-tokumei.net/

## Tor metrics

You can follow a rough estimate of Tor usage in Turkmenistan here:
- 
https://metrics.torproject.org/userstats-bridge-combined.html?start=2023-04-21=2023-07-20=tm
- 
https://metrics.torproject.org/userstats-relay-country.html?start=2023-04-21=2023-07-20=tm=off

## torrc example

BridgeRelay 1
ORPort 127.0.0.1:auto
AssumeReachable 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8080
ExtORPort auto
Nickname helptm
ContactInfo 
Log notice file /var/log/tor/notices.log
# If you set BridgeDistribution none, please remember to email 
# your bridge line to us: frontd...@torproject.org 
BridgeDistribution none

Thank you,
Gus

Notes

[1]
https://www.rferl.org/a/turkmenistan-top-officials-fired/32507072.html
https://www.reuters.com/world/asia-pacific/turkmenistan-opens-futuristic-city-dedicated-leader-2023-06-29/
[2]
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
[3]
https://metrics.torproject.org/rs.html#details/A77AB4544CEB3AB8155FC5D18E69651BD31596F2
[4]
https://forum.torproject.org/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815
[5]
https://forum.torproject.org/t/tor-relays-announcement-webtunnel-a-new-pluggable-transport-for-bridges-now-available-for-deployment/8180


On Tue, Apr 04, 2023 at 12:46:47AM -0300, gus wrote:
> Hello,
> 
> Another update:
> 
> As it's very hard to get a vantage point in the country[1], we've asked
> feedback from users to understand what works there. But, if by any chance
> you have access to a machine hosted there, do let me know! You can
> contact me in private. :)
> 
> Based on user feedback, we learned that obfs4 bridges running on
> residential connections + port 80, 443 or 8080 works in Turkmenistan.
> Last week I asked some operators to change their bridge obfs4 port and
> it worked!
> 

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hello,

Another update:

As it's very hard to get a vantage point in the country[1], we've asked
feedback from users to understand what works there. But, if by any chance
you have access to a machine hosted there, do let me know! You can
contact me in private. :)

Based on user feedback, we learned that obfs4 bridges running on
residential connections + port 80, 443 or 8080 works in Turkmenistan.
Last week I asked some operators to change their bridge obfs4 port and
it worked!

Unfortunately, users reported that censors blocked some bridges. You can
even see that on Tor Metrics graph. For example:
- 
https://metrics.torproject.org/rs.html#details/D1302AC19A71BED956C568AC79DF0048E61D8A2E
 
- 
https://metrics.torproject.org/rs.html#details/A811AAB7771434CE0DD4D3942173E65DEC49B962

If you're operating these bridges and can easily rotate the IP address, please
do!

Finally, if you want to learn more about censorship in Turkmenistan, you
can check this great presentation[2] from last year.

Thanks for running bridges!
Gus

[1] https://ntc.party/t/vps/2804/9
[2] https://drive.google.com/file/d/1odIO1Bi9laU-B-JZMoZFWGEwkTl95oq9/view

On Thu, Mar 23, 2023 at 01:00:17PM -0300, gus wrote:
> Hello, just a quick update:
> 
> Some friends from Turkmenistan told me that they don't think this new
> round of online censorship is related to the upcoming elections,
> because it's just a "formal" event. In general, they said, shutdowns and
> internet disruptions are motivated by other events like:
>  - when Russian Duma speaker arrived in TM
>  - the wedding day of the president's grandson
> 
> Anyway, today we tested some of bridges that you shared with us and I replied
> back saying which ones worked and which ones didn't.
> 
> Thank you for running a bridge!,
> Gus
> 
> On Wed, Mar 22, 2023 at 04:25:05PM -0300, gus wrote:
> > Dear Relay operators community,
> > 
> > The parliamentary elections in Turkmenistan are coming up very soon on
> > March 26th[1], and the Turkmen government has tightened internet censorship
> > and restrictions even more. In the last few months, the Anti-censorship
> > community has learned that different pluggable transports, like
> > Snowflake, and entire IP ranges, have been blocked in the country.
> > Therefore, running a bridge on popular hosting providers like Hetzner,
> > Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
> > are completely blocked in Turkmenistan.
> > 
> > Recently, we learned from the Anti-censorship community[2] and via Tor user
> > support channels that Tor bridges running on residential connections
> > were working fine. Although they were blocked after some days or a week,
> > these bridges received a lot of users and were very important to keep
> > Turkmens connected.
> > 
> > How to help Turkmens to access the Internet
> > ===
> > 
> > You can help Turkmens to access the free and open internet by running an
> > obfs4 Tor bridge! But here's the trick: you need to run it on a
> > residential connection -- you won't need a static IPv4 --, and it would
> > ideally be run on more robust hardware than just a Raspberry Pi
> > (although that can help, we have found they can get overloaded).
> > 
> > You can set up an obfs4 bridge by following our official guide:
> > https://community.torproject.org/relay/setup/bridge/
> > 
> > After you setup a new bridge, you can share your bridge line with the
> > Tor support team at frontd...@torproject.org, and we will share it with
> > users.
> > 
> > A complete bridge line is composed of:
> > 
> > IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> > 
> > Check this documentation to learn how to share your bridge line:
> > https://community.torproject.org/relay/setup/bridge/post-install/
> > 
> > Just sharing your bridge fingerprint is not the best, but it's fine.
> > 
> > You can read more about censorship against Tor in Turkmenistan here:
> >   - 
> > https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
> >   - Snowflake blocked:
> > 
> > https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
> > 
> > Thank you for your support in helping to keep the internet free and open
> > for everyone.
> > 
> > Gus
> > 
> > [1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
> > [2] 
> > https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
> > https://github.com/net4people/bbs/issues/80
> > 
> > -- 
> > The Tor Project
> > Community Team Lead
> 
> 
> 
> > ___
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> -- 
> The Tor Project
> Community Team Lead



-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hello, just a quick update:

Some friends from Turkmenistan told me that they don't think this new
round of online censorship is related to the upcoming elections,
because it's just a "formal" event. In general, they said, shutdowns and
internet disruptions are motivated by other events like:
 - when Russian Duma speaker arrived in TM
 - the wedding day of the president's grandson

Anyway, today we tested some of bridges that you shared with us and I replied
back saying which ones worked and which ones didn't.

Thank you for running a bridge!,
Gus

On Wed, Mar 22, 2023 at 04:25:05PM -0300, gus wrote:
> Dear Relay operators community,
> 
> The parliamentary elections in Turkmenistan are coming up very soon on
> March 26th[1], and the Turkmen government has tightened internet censorship
> and restrictions even more. In the last few months, the Anti-censorship
> community has learned that different pluggable transports, like
> Snowflake, and entire IP ranges, have been blocked in the country.
> Therefore, running a bridge on popular hosting providers like Hetzner,
> Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
> are completely blocked in Turkmenistan.
> 
> Recently, we learned from the Anti-censorship community[2] and via Tor user
> support channels that Tor bridges running on residential connections
> were working fine. Although they were blocked after some days or a week,
> these bridges received a lot of users and were very important to keep
> Turkmens connected.
> 
> How to help Turkmens to access the Internet
> ===
> 
> You can help Turkmens to access the free and open internet by running an
> obfs4 Tor bridge! But here's the trick: you need to run it on a
> residential connection -- you won't need a static IPv4 --, and it would
> ideally be run on more robust hardware than just a Raspberry Pi
> (although that can help, we have found they can get overloaded).
> 
> You can set up an obfs4 bridge by following our official guide:
> https://community.torproject.org/relay/setup/bridge/
> 
> After you setup a new bridge, you can share your bridge line with the
> Tor support team at frontd...@torproject.org, and we will share it with
> users.
> 
> A complete bridge line is composed of:
> 
> IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> 
> Check this documentation to learn how to share your bridge line:
> https://community.torproject.org/relay/setup/bridge/post-install/
> 
> Just sharing your bridge fingerprint is not the best, but it's fine.
> 
> You can read more about censorship against Tor in Turkmenistan here:
>   - 
> https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
>   - Snowflake blocked:
> 
> https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
> 
> Thank you for your support in helping to keep the internet free and open
> for everyone.
> 
> Gus
> 
> [1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
> [2] 
> https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
> https://github.com/net4people/bbs/issues/80
> 
> -- 
> The Tor Project
> Community Team Lead



> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

On Wed, Mar 22, 2023 at 09:45:09PM +0100, Toralf Förster wrote:
> On 3/22/23 20:25, gus wrote:
> >   But here's the trick: you need to run it on a
> > residential connection -- you won't need a static IPv4 --,
> 
> So the local bridge reports its (eg at 4 o'clock in the morning changed)
> ip to the bridge db asap? And then ?
 
Then it will be available via one of bridgeDB distributors
(moat/telegram/email/https/settings)[1]. From users perspective, if your
bridge IP change, they will need to fetch your bridge again because we
don't have a 'subscription' system[2]. It's not great, but in
Turkmenistan case, it's better than nothing.

Gus
[1] https://metrics.torproject.org/bridgedb-distributor.html
[2] https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/42
-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Hi Gary,

In this case, you don't need to set a specific distribution mechanism
because users from TM are kinda 'pro' on finding a bridge that will work
for them. And when they find it, they share it over different channels.

Could you test your bridge with bridge status tool?

https://bridges.torproject.org/status?id=FINGERPRINT

Replace 'FINGERPRINT' with your bridge fingerprint and it will show the
status of your bridge. It should advertise your obfs4 as 'functional'.

If it's not functional, feel free to share your torrc + tor logs in
private with me and I'll check it.

cheers!,
Gus

On Wed, Mar 22, 2023 at 11:23:14PM +, Gary C. New via tor-relays wrote:
> Gus,
> Is there a preferred Bridge Distribution Mechanism?
> Within the last couple of months, I've added several obfs4 bridges (latest 
> version) to the Tor network, which seem to meet the requested criteria, but 
> they still don't appear to be receiving traffic.
> I originally set the Bridge Distribution Mechanism to "moat." However, after 
> a month of not receiving traffic, I modified them to "any." Unfortunately, my 
> obfs4 bridges' Bridge Distribution Mechanism is still reporting as "None" in 
> the consensus.
>
>- Transport protocols
>   - obfs4
>- Bridge distribution mechanism
>   - None
> 
> I have confirmed that I am able to manually connect and successfully browse 
> using the obfs4 bridges in question.
> Suggestions?
> Respectfully,
> 
> Gary—
> This Message Originated by the Sun.
> iBigBlue 63W Solar Array (~12 Hour Charge)
> + 2 x Charmast 26800mAh Power Banks
> = iPhone XS Max 512GB (~2 Weeks Charged) 
> 
> On Wednesday, March 22, 2023, 1:25:26 PM MDT, gus  
> wrote:  
>  
>  Dear Relay operators community,
> 
> The parliamentary elections in Turkmenistan are coming up very soon on
> March 26th[1], and the Turkmen government has tightened internet censorship
> and restrictions even more. In the last few months, the Anti-censorship
> community has learned that different pluggable transports, like
> Snowflake, and entire IP ranges, have been blocked in the country.
> Therefore, running a bridge on popular hosting providers like Hetzner,
> Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
> are completely blocked in Turkmenistan.
> 
> Recently, we learned from the Anti-censorship community[2] and via Tor user
> support channels that Tor bridges running on residential connections
> were working fine. Although they were blocked after some days or a week,
> these bridges received a lot of users and were very important to keep
> Turkmens connected.
> 
> How to help Turkmens to access the Internet
> ===
> 
> You can help Turkmens to access the free and open internet by running an
> obfs4 Tor bridge! But here's the trick: you need to run it on a
> residential connection -- you won't need a static IPv4 --, and it would
> ideally be run on more robust hardware than just a Raspberry Pi
> (although that can help, we have found they can get overloaded).
> 
> You can set up an obfs4 bridge by following our official guide:
>     https://community.torproject.org/relay/setup/bridge/
> 
> After you setup a new bridge, you can share your bridge line with the
> Tor support team at frontd...@torproject.org, and we will share it with
> users.
> 
> A complete bridge line is composed of:
> 
>     IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
> 
> Check this documentation to learn how to share your bridge line:
> https://community.torproject.org/relay/setup/bridge/post-install/
> 
> Just sharing your bridge fingerprint is not the best, but it's fine.
> 
> You can read more about censorship against Tor in Turkmenistan here:
>   - 
> https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
>   - Snowflake blocked:
>     
> https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
> 
> Thank you for your support in helping to keep the internet free and open
> for everyone.
> 
> Gus
> 
> [1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
> [2] 
> https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
> https://github.com/net4people/bbs/issues/80
> 
> -- 
> The Tor Project
> Community Team Lead
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>   

> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Gary C. New via tor-relays]

Gus,
Is there a preferred Bridge Distribution Mechanism?
Within the last couple of months, I've added several obfs4 bridges (latest 
version) to the Tor network, which seem to meet the requested criteria, but 
they still don't appear to be receiving traffic.
I originally set the Bridge Distribution Mechanism to "moat." However, after a 
month of not receiving traffic, I modified them to "any." Unfortunately, my 
obfs4 bridges' Bridge Distribution Mechanism is still reporting as "None" in 
the consensus.
   
   - Transport protocols
  - obfs4
   - Bridge distribution mechanism
  - None

I have confirmed that I am able to manually connect and successfully browse 
using the obfs4 bridges in question.
Suggestions?
Respectfully,

Gary—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged) 

On Wednesday, March 22, 2023, 1:25:26 PM MDT, gus  
wrote:  
 
 Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet
===

You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide:
    https://community.torproject.org/relay/setup/bridge/

After you setup a new bridge, you can share your bridge line with the
Tor support team at frontd...@torproject.org, and we will share it with
users.

A complete bridge line is composed of:

    IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

Check this documentation to learn how to share your bridge line:
https://community.torproject.org/relay/setup/bridge/post-install/

Just sharing your bridge fingerprint is not the best, but it's fine.

You can read more about censorship against Tor in Turkmenistan here:
  - 
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
  - Snowflake blocked:
    
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024

Thank you for your support in helping to keep the internet free and open
for everyone.

Gus

[1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
[2] https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
https://github.com/net4people/bbs/issues/80

-- 
The Tor Project
Community Team Lead
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
  ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[Toralf Förster]

On 3/22/23 20:25, gus wrote:

  But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --,


So the local bridge reports its (eg at 4 o'clock in the morning changed)
ip to the bridge db asap? And then ?

--
Toralf

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

[gus]

Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet
===

You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide:
https://community.torproject.org/relay/setup/bridge/

After you setup a new bridge, you can share your bridge line with the
Tor support team at frontd...@torproject.org, and we will share it with
users.

A complete bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

Check this documentation to learn how to share your bridge line:
https://community.torproject.org/relay/setup/bridge/post-install/

Just sharing your bridge fingerprint is not the best, but it's fine.

You can read more about censorship against Tor in Turkmenistan here:
  - 
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
  - Snowflake blocked:

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024

Thank you for your support in helping to keep the internet free and open
for everyone.

Gus

[1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
[2] https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
https://github.com/net4people/bbs/issues/80

-- 
The Tor Project
Community Team Lead


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays