[tor-relays] Help Turkmens to bypass Internet censorship: run an obfs4 bridge!

Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on March 26th[1], and the Turkmen government has tightened internet censorship and restrictions even more. In the last few months, the Anti-censorship community has learned that different pluggable transports, like Snowflake, and entire IP ranges, have been blocked in the country. Therefore, running a bridge on popular hosting providers like Hetzner, Digital Ocean, Linode, and AWS won't help as these providers' IP ranges are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user support channels that Tor bridges running on residential connections were working fine. Although they were blocked after some days or a week, these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet

You can help Turkmens to access the free and open internet by running an obfs4 Tor bridge! But here's the trick: you need to run it on a residential connection -- you won't need a static IPv4 --, and it would ideally be run on more robust hardware than just a Raspberry Pi (although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide.

After you setup a new bridge, you can share your bridge line with the Tor support team at frontdesk@torproject.org, and we will share it with users.

A complete bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

Check this documentation to learn how to share your bridge line:

Just sharing your bridge fingerprint is not the best, but it's fine.

You can read more about censorship against Tor in Turkmenistan here:
  - [Turkmenistan] Number of directly connecting users is going down (#40029) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
  - Snowflake blocked.

Thank you for your support in helping to keep the internet free and open for everyone.

Gus

[1] 2023 Turkmen parliamentary election - Wikipedia
[2] Turkmenistan - NTC
Bidirectional DNS, HTTPS, HTTP injection in Turkmenistan · Issue #80 · net4people/bbs · GitHub

--
The Tor Project
Community Team Lead

4 Likes

So the local bridge reports its (eg at 4 o'clock in the morning changed)
ip to the bridge db asap? And then ?

···

On 3/22/23 20:25, gus wrote:

  But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --,

--
Toralf

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Gus,

Is there a preferred Bridge Distribution Mechanism?

Within the last couple of months, I’ve added several obfs4 bridges (latest version) to the Tor network, which seem to meet the requested criteria, but they still don’t appear to be receiving traffic.

I originally set the Bridge Distribution Mechanism to “moat.” However, after a month of not receiving traffic, I modified them to “any.” Unfortunately, my obfs4 bridges’ Bridge Distribution Mechanism is still reporting as “None” in the consensus.

Transport protocols
obfs4
Bridge distribution mechanism
[None](https://bridges.torproject.org/info#none)

I have confirmed that I am able to manually connect and successfully browse using the obfs4 bridges in question.

Suggestions?

Respectfully,

Gary

···


This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)

  • 2 x Charmast 26800mAh Power Banks
    = iPhone XS Max 512GB (~2 Weeks Charged)

On Wednesday, March 22, 2023, 1:25:26 PM MDT, gus gus@torproject.org wrote:

Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won’t help as these providers’ IP ranges
are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet

You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here’s the trick: you need to run it on a
residential connection – you won’t need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide:
https://community.torproject.org/relay/setup/bridge/

After you setup a new bridge, you can share your bridge line with the
Tor support team at frontdesk@torproject.org, and we will share it with
users.

A complete bridge line is composed of:

IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

Check this documentation to learn how to share your bridge line:
https://community.torproject.org/relay/setup/bridge/post-install/

Just sharing your bridge fingerprint is not the best, but it’s fine.

You can read more about censorship against Tor in Turkmenistan here:

Thank you for your support in helping to keep the internet free and open
for everyone.

Gus

[1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
[2] https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17
https://github.com/net4people/bbs/issues/80


The Tor Project
Community Team Lead


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi Gary,

In this case, you don't need to set a specific distribution mechanism
because users from TM are kinda 'pro' on finding a bridge that will work
for them. And when they find it, they share it over different channels.

Could you test your bridge with bridge status tool?

https://bridges.torproject.org/status?id=FINGERPRINT

Replace 'FINGERPRINT' with your bridge fingerprint and it will show the
status of your bridge. It should advertise your obfs4 as 'functional'.

If it's not functional, feel free to share your torrc + tor logs in
private with me and I'll check it.

cheers!,
Gus

···

On Wed, Mar 22, 2023 at 11:23:14PM +0000, Gary C. New via tor-relays wrote:

Gus,
Is there a preferred Bridge Distribution Mechanism?
Within the last couple of months, I've added several obfs4 bridges (latest version) to the Tor network, which seem to meet the requested criteria, but they still don't appear to be receiving traffic.
I originally set the Bridge Distribution Mechanism to "moat." However, after a month of not receiving traffic, I modified them to "any." Unfortunately, my obfs4 bridges' Bridge Distribution Mechanism is still reporting as "None" in the consensus.
   
   - Transport protocols
      - obfs4
   - Bridge distribution mechanism
      - None

I have confirmed that I am able to manually connect and successfully browse using the obfs4 bridges in question.
Suggestions?
Respectfully,

Gary—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)

    On Wednesday, March 22, 2023, 1:25:26 PM MDT, gus <gus@torproject.org> wrote:

Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet

You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide:
Tor Project | Bridge

After you setup a new bridge, you can share your bridge line with the
Tor support team at frontdesk@torproject.org, and we will share it with
users.

A complete bridge line is composed of:

IP:OBFS4\_PORT FINGERPRINT cert=obfs4\-certificate iat\-mode=0

Check this documentation to learn how to share your bridge line:
Tor Project | Post-install

Just sharing your bridge fingerprint is not the best, but it's fine.

You can read more about censorship against Tor in Turkmenistan here:
- [Turkmenistan] Number of directly connecting users is going down (#40029) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
- Snowflake blocked:
Blocking of Snowflake in Turkmenistan, 2021-10-24 (#40024) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab

Thank you for your support in helping to keep the internet free and open
for everyone.

Gus

[1] 2023 Turkmen parliamentary election - Wikipedia
[2] Turkmenistan - NTC
Bidirectional DNS, HTTPS, HTTP injection in Turkmenistan · Issue #80 · net4people/bbs · GitHub

--
The Tor Project
Community Team Lead
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page
  
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

--
The Tor Project
Community Team Lead

Then it will be available via one of bridgeDB distributors
(moat/telegram/email/https/settings)[1]. From users perspective, if your
bridge IP change, they will need to fetch your bridge again because we
don't have a 'subscription' system[2]. It's not great, but in
Turkmenistan case, it's better than nothing.

Gus
[1] Users – Tor Metrics
[2] Proposal: Support for Dynamic IP obfs4 bridges with unattended proxy information update(aka "Subscription") (#42) · Issues · The Tor Project / Anti-censorship / Team · GitLab

···

On Wed, Mar 22, 2023 at 09:45:09PM +0100, Toralf Förster wrote:

On 3/22/23 20:25, gus wrote:
> But here's the trick: you need to run it on a
> residential connection -- you won't need a static IPv4 --,

So the local bridge reports its (eg at 4 o'clock in the morning changed)
ip to the bridge db asap? And then ?

--
The Tor Project
Community Team Lead

Hello, just a quick update:

Some friends from Turkmenistan told me that they don't think this new
round of online censorship is related to the upcoming elections,
because it's just a "formal" event. In general, they said, shutdowns and
internet disruptions are motivated by other events like:
- when Russian Duma speaker arrived in TM
- the wedding day of the president's grandson

Anyway, today we tested some of bridges that you shared with us and I replied
back saying which ones worked and which ones didn't.

Thank you for running a bridge!,
Gus

···

On Wed, Mar 22, 2023 at 04:25:05PM -0300, gus wrote:

Dear Relay operators community,

The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
are completely blocked in Turkmenistan.

Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.

How to help Turkmens to access the Internet

You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).

You can set up an obfs4 bridge by following our official guide:
    Tor Project | Bridge

After you setup a new bridge, you can share your bridge line with the
Tor support team at frontdesk@torproject.org, and we will share it with
users.

A complete bridge line is composed of:

    IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0

Check this documentation to learn how to share your bridge line:
Tor Project | Post-install

Just sharing your bridge fingerprint is not the best, but it's fine.

You can read more about censorship against Tor in Turkmenistan here:
  - [Turkmenistan] Number of directly connecting users is going down (#40029) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
  - Snowflake blocked:
    Blocking of Snowflake in Turkmenistan, 2021-10-24 (#40024) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab

Thank you for your support in helping to keep the internet free and open
for everyone.

Gus

[1] 2023 Turkmen parliamentary election - Wikipedia
[2] Turkmenistan - NTC
Bidirectional DNS, HTTPS, HTTP injection in Turkmenistan · Issue #80 · net4people/bbs · GitHub

--
The Tor Project
Community Team Lead

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

--
The Tor Project
Community Team Lead

1 Like

Hello,

Another update:

As it's very hard to get a vantage point in the country[1], we've asked
feedback from users to understand what works there. But, if by any chance
you have access to a machine hosted there, do let me know! You can
contact me in private. :slight_smile:

Based on user feedback, we learned that obfs4 bridges running on
residential connections + port 80, 443 or 8080 works in Turkmenistan.
Last week I asked some operators to change their bridge obfs4 port and
it worked!

Unfortunately, users reported that censors blocked some bridges. You can
even see that on Tor Metrics graph. For example:
- Relay Search
- Relay Search

If you're operating these bridges and can easily rotate the IP address, please
do!

Finally, if you want to learn more about censorship in Turkmenistan, you
can check this great presentation[2] from last year.

Thanks for running bridges!
Gus

[1] VPS в Туркменистане - #9 by s11 - Turkmenistan - NTC
[2] Censorship in Turkmenistan Slides.pdf - Google Drive

···

On Thu, Mar 23, 2023 at 01:00:17PM -0300, gus wrote:

Hello, just a quick update:

Some friends from Turkmenistan told me that they don't think this new
round of online censorship is related to the upcoming elections,
because it's just a "formal" event. In general, they said, shutdowns and
internet disruptions are motivated by other events like:
- when Russian Duma speaker arrived in TM
- the wedding day of the president's grandson

Anyway, today we tested some of bridges that you shared with us and I replied
back saying which ones worked and which ones didn't.

Thank you for running a bridge!,
Gus

On Wed, Mar 22, 2023 at 04:25:05PM -0300, gus wrote:
> Dear Relay operators community,
>
> The parliamentary elections in Turkmenistan are coming up very soon on
> March 26th[1], and the Turkmen government has tightened internet censorship
> and restrictions even more. In the last few months, the Anti-censorship
> community has learned that different pluggable transports, like
> Snowflake, and entire IP ranges, have been blocked in the country.
> Therefore, running a bridge on popular hosting providers like Hetzner,
> Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
> are completely blocked in Turkmenistan.
>
> Recently, we learned from the Anti-censorship community[2] and via Tor user
> support channels that Tor bridges running on residential connections
> were working fine. Although they were blocked after some days or a week,
> these bridges received a lot of users and were very important to keep
> Turkmens connected.
>
> How to help Turkmens to access the Internet
> ===========================================
>
> You can help Turkmens to access the free and open internet by running an
> obfs4 Tor bridge! But here's the trick: you need to run it on a
> residential connection -- you won't need a static IPv4 --, and it would
> ideally be run on more robust hardware than just a Raspberry Pi
> (although that can help, we have found they can get overloaded).
>
> You can set up an obfs4 bridge by following our official guide:
> Tor Project | Bridge
>
> After you setup a new bridge, you can share your bridge line with the
> Tor support team at frontdesk@torproject.org, and we will share it with
> users.
>
> A complete bridge line is composed of:
>
> IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
>
> Check this documentation to learn how to share your bridge line:
> Tor Project | Post-install
>
> Just sharing your bridge fingerprint is not the best, but it's fine.
>
> You can read more about censorship against Tor in Turkmenistan here:
> - [Turkmenistan] Number of directly connecting users is going down (#40029) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
> - Snowflake blocked:
> Blocking of Snowflake in Turkmenistan, 2021-10-24 (#40024) · Issues · The Tor Project / Anti-censorship / censorship-analysis · GitLab
>
> Thank you for your support in helping to keep the internet free and open
> for everyone.
>
> Gus
>
> [1] 2023 Turkmen parliamentary election - Wikipedia
> [2] Turkmenistan - NTC
> Bidirectional DNS, HTTPS, HTTP injection in Turkmenistan · Issue #80 · net4people/bbs · GitHub
>
> --
> The Tor Project
> Community Team Lead

> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> tor-relays Info Page

--
The Tor Project
Community Team Lead

--
The Tor Project
Community Team Lead

2 Likes