Apparently, a new wave of Tor blocking is underway in Russia

Around December 20th, reports of difficulties accessing the Tor browser increased again. Snowflake works, but one of my sources reported low speed. On the other hand, ntc.party forum posts describe how blocking access to even old OBFS4 bridges can be bypassed using the zapret software. However, no parameters were specified.

This topic was raised on ntc.party this year. Is it possible to implement something like zapret in Tor to bypass bridge blocking?

2 Likes

Well, if you are specifically talking about difficulties in connecting to Tor via obfs4, then if the bridge is not blocked by IP, but is rather blocked via the ‘all-fully-encrypted-traffic’ block, as on mobile networks, then you can bypass it using some instructions from here:

https://ntc.party/t/обход-блокировки-протокола-obfs4/19048

But recently a new huge issue occurred on many ISPs in Russia: many connections to some hosting providers are throttled, which can affect you even if the censor didn’t manually block a bridge. When that’s the case, I’m not able to bypass that kind of block; what I can recommend is: use another bridge.

Snowflake works more or less, because of the many fronts for the broker and a lot of different Snowflake proxies. If this problem is the case, then try using (or recommend that affected users try using) a different bridge. In some situations, when the block is manual and not because of throttling of some IPs, you can bypass it. You can visit the Tor Project GitLab to track some blocks and what fixes are proposed.

1 Like

There was a post on ntc.party that with the software zapret, you can even connect directly without bridges.

For the last month it has been connecting with no trouble at all, without any bridges, when Zapret is running on the PC. Before that, Snowflake AMP bridges worked reliably: slow, but guaranteed to connect.

I also receive a lot of information about Snowflake bridges not working consistently. Sometimes there is low speed and very long connection time.

No kidding, direct Tor connections work for me right now. :slight_smile:

Even without tools like zapret.

I guess we just rely on bridges so much that we forget to test connections without them… Idk if it’s like this on all ISPs though…

According to the Tor Metrics, if we count the daily users (including relay and bridge users), it’s about 240,000, wow.

RKN has been acting strangely for the past six months. They’re introducing new blocks and new rules, but for some reason they’re repealing old ones. The same applies to programs like zapret. Don’t they have enough resources?

1 Like

I’d like to monitor blocking in Russia and even offer some advice. But it’s a toxic community, including the zapret author. Perhaps he’s afraid of someone, I don’t know. I’d like to learn more about censorship and their methods, but information is scarce and fragmented.

1 Like

They have too much, I guess. They got $660 million to spend in the next 5 years to improve the censorship infrastructure (from 2025 to 2030):

“The document said the modernization efforts aimed to improve TSPU’s bandwidth speeds and ‘increase the level of efficiency of restricting access to VPN blocking circumvention tools up to 96%’.”

That’s just on paper, though, about the “96%”.

Recently they blocked Roblox and the government got around 60,000 letters in the first week after the block from kids saying that they don’t like the block, many saying that they don’t want to live in a country “that does these sorts of things”. I’m mentioning that to point out that RKN can’t “eject” from the global internet in general, or for a long time, because many people would leave the country just because of that. Also, businesses need to “buy items via different paths”, and that also requires the global net, not even speaking about you know what. So their tactic might be: “make it as painful as possible, but bearable”.

But yeah, it doesn’t make sense as to why some stuff started working again, we can only guess: adding so many new filters might have broken some old ones; they’re just “updating their system”, etc…

I’ve been seeing this since the end of last year. First, the RKN focused on YouTube, then Cloudflare etc, and now WhatsApp. During this period, the blocking was truly severe, but then, on orders from the authorities, the agency switches to something else and seemingly forgets what it was doing before.

More TSPUs doesn’t mean more effective blocking. They are configured centrally, and the software for them is also written centrally. I think the lack of resources is most likely due to the difficulty of constantly modifying TSPUs to accommodate new blocking methods so they don’t conflict with each other. Also likely a problem with staffing.

Well, different ISPs still behave differently with censorship, some are definitely exempt from the blocking, or the blocking mechanisms may sometimes differ. (Yandex Cloud is whitelisted from the TSPU, for instance)

I’m not sure what we’re talking about here?
The chart in the original post doesn’t show any huge spikes.

Tor has been blocked for a long time.

Slow speed of what? Initial connection or the bandwidth?
Either way, I’d say this has always been the case for Snowflake in Russia, ever since the blocking.

This chart is, unfortunately, some BS, and is not only about Russia. These spikes are seen in many other countries, e.g. Romania, and they remind me of Sudden sharp increase in direct Tor users in Germany (+1.5M).

You probably mean this topic

https://ntc.party/t/перестали-работать-мосты-к-тор/21442/9

but it’s basically just one user saying that bridges stopped working for them. That happens, bridges get blocked. IDK if there is much to see.

Do we have any other concrete data?

1 Like

Hello and nice to meet you. I’m from Russia and can provide you with information if you wish. Our anti-censorship community is very fragmented indeed (just like everything in Russia lol).

Well, I decided to register my account not for that, but because of strange activity recently. I’ve been using webtunnels as my main bridges for quite a while now. But recently (start of December, I guess), after using one webtunnel bridge for a couple of days, my whole internet connection became rate limited to 200kb/s approx. The fix was rather simple: disable the device which uses Tor or switch bridges. Before that I was able to use one webtunnel bridge for a very long time safely. I dunno whether specific webtunnels became overloaded or my ISP (Rostelecom) did funny stuff.

3 Likes

Yay, more people!

Your whole connection to the bridge or any traffic on the device? If the latter, then even if you try to open a website without spoofing tools?

Well, it probably depends on whether other bridges behaved similarly after that incident.

If so, then it’s most likely the “black box” at your ISP. ISPs don’t have control over that machine, nor over the SORM one; they just let it do its thing, as required by law for some time now.

Well, I assume that the reason as to why some obfs4 bridges stopped working for me is the censors adding some kind of new ‘filter’ rule or something… (keep in mind that those bridges are not blocked by IP, because I see some packets coming through, other packets get blocked)

For example, Discord seriously stopped working for a lot of providers, even with spoofing, but then after applying a specific fix someone created, voila, it works again, while other DPI spoofing tools just don’t help anymore… Because of the Discord thing, I think that these blocks (such as when I am unable to connect to an obfs4 bridge that isn’t actually blocked by IP) can be bypassed if you tinker with the censor machines via various tools.

Another example: a sharp increase in bridge use may be linked to the mobilization in Russia on September 20, 2022. This is reflected in the overall number, but is especially noticeable in countries such as Kazakhstan.

1 Like

These statistics may not be suitable for determining the number of users, but they do reveal censorship events with a high degree of certainty. This is especially true for bridges.

1 Like

The issue was longer Snowflake bridge connections and slower speeds than usual. Also, according to my data, Snowflake bridges are currently the most reliable in Russia. Even the webtunnel isn’t working for some.

Selection of strategies for zapret apparently still works. Perhaps in the future, something similar should be implemented in the Tor browser, as was proposed six months ago.

At the moment, the most advanced strategy looks something like this

--filter-tcp=443 ˂IPSET˃
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin

1 Like

What was meant may be the fact that there started to be more direct Tor connections, which sort of might mean that RKN loosened the leash on that at least slightly for an unknown reason.

https://ntc.party/t/мосты-webtunnel-в-tor-browser/15595/266

I have 15 bridges working with SNI spoofing and 15 without spoofing, using the Android fingerprint.

Apparently WebTunnel needs an upgrade.

1 Like

Currently, blocking based on SNI and protocol patterns is prevalent in Russia. This is bypassed by Zapret. With it, you can create fake packets and cut them into pieces, adding the desired SNI or TLS fingerprint. Example in the message above. This bypasses most blocking.

Of course, the censor is not standing still and is implementing protection against fakes. That’s why they have to cut up packages into pieces. But for now, they can’t completely break this method.

1 Like