Tor Project wants help in fighting oppressive regimes

Aug 4, 2016 16:10 GMT  ·  By

After helping the Debian Project move operations to the Dark Web, the
Tor Project is now highlighting a hidden feature of the Tor Browser that allows users from certain countries to access the Tor network, even if that state is actively blocking access to the Tor relays themselves.

Countries such as China, Iran, Kazakhstan, Uzbekistan, and others use state-level ISP blocks to prevent TOR Browsers from connecting to Tor relays, the entry point to the Tor network.

The thinking is that if users can't connect to Tor, they can't use Tor to sidestep state-level firewalls and won't have the means to access "sensitive" content, censored by a country's ruling regime.

For the Tor network to properly work, the list of Tor relays always needs to be public, which also allows oppressive countries to block the relays any time they wish.

Pluggable Transports hide Tor traffic

Since the practice of state-level Internet censorship has been gaining ground, the Tor Project has published a blog post today, revealing a hidden feature that's been available in the Tor Browser for years.

Called Pluggable Transports (PT), these are special tools inside the Tor Browser package that take regular Web traffic and disguise it as innocuous protocols, where authorities rarely look.

These PTs connect to special relays, called PT bridges, which send the Tor traffic to its destination. The Tor Project is asking the community for help, requesting users to host PT bridges as well, not only regular Tor relays.

Currently, the Tor Browser supports four PT types and is working on adding three more.  

PT Description Language Maintainer
obfs4 (recommended) It is a transport with the same features as ScrambleSuit but utilizing Dan Bernstein's elligator2 technique for public key obfuscation, and the ntor protocol for one-way authentication. This results in a faster protocol. Go Yawning Angel
meek (recommended for Chinese users) It is a transport that uses HTTP for carrying bytes and TLS for obfuscation. Traffic is relayed through a third-party server (Google App Engine). It uses a trick to talk to the third party so that it looks like it is talking to an unblocked server. Go David Fifield
Format-Transforming Encryption (FTE) It transforms Tor traffic to arbitrary formats using their language descriptions. See the research paper. Python/C++ Kevin Dyer
ScrambleSuit It is a pluggable transport that protects against follow-up probing attacks and is also capable of changing its network fingerprint (packet length distribution, inter-arrival times, etc.). Python Philipp Winter
StegoTorus (Undeployed PT) It is an Obfsproxy fork that extends it to a) split Tor streams across multiple connections to avoid packet size signatures, and b) embed the traffic flows in traces that look like HTML, JavasCript, or PDF. C++ Zack Weinberg
SkypeMorph (Undeployed PT) It transforms Tor traffic flows so they look like Skype Video C++ Ian Goldberg
Dust (Undeployed PT) It aims to provide a packet-based (rather than connection-based) DPI-resistant protocol. Python Brandon Wiley