Out of curiosity, why would it not be easier for the censor gang to just block all traffic to outside of Russia then have an allow list. I’m not suggesting they should.
It may not be practical but it seems they can do what they want.
It says there that the bridges work for the user.
Would it make sense to implement a 3rd party tool like zapret into the Tor Browser?
Like the configuration that is used for the Discord fix.
Well, the economy, as dead as it is would probably be eliminated, people need to call other people in Europe and such, you won’t even be able to call people in “friendly countries”…
Russia is too internet-integrated, many businesses would probably shatter, also as I mentioned before many people would leave (maybe even lots of millions) because for some the internet is a big thing.
I guess North Korea is the only place, whose citizens are successfully “isolated” from the global net.
See? Russia is not North Korea, so I would instead expect more advanced blocks. But with that come more advanced anti-blocks. In North Korea, 10,000 are thought to have access to the internet, mostly rich people. In Russia, since 2024 there are approx. 94.36 million internet users. (85% of the population)
Even if they turn off the global net whenever, it would not be for long, I think.
This will have serious consequences. A complete blocking of the international internet is possible. But this is a political decision.
Authorities hope that people will switch to Russian software on their own. They won’t because it’s uncompetitive. For example, despite the difficulties, people continue to use YouTube. Not a single Russian-language blogger I know has switched completely to RuTube.
1 Like
I agree. It’s very risky move to block all connections outside from Russia. Russian IT giants were built with free internet in mind and Russia relies heavily on internet technologies (system of fast payments, government services, etc).
If crazy politics will take this move this is will be equally crazy as shock therapy in the 90s. But in our world it’s will be unsurprising already.
1 Like
My whole connection was rate-limited. Also I live in heavily censored region afaik. We have whitelists on cellular network for months now 24/7. I was worried that this is new blockage strategy is dynamic and somehow finds out when user is using bridges, because it were behaving strangely.
Also Happy New Year!
1 Like
A new censorship update in Russia. Old zapret strategies no longer work. Apparently, it’s the same 16 KB block. Apparently, large services like Cloudflare, youtube and VPN hosting are affected, but there are no reports of issues with Tor. There are reports that Tor is now working without bridges for some users.
Because tor is not https. What censors did effectively killed HTTPS protocol, what was that people were saying about it being unkillable? Apparently it’s just as fragile
Either way, spoofing sni from whitelisted domains works a lot of hosting providers, especially cloudflare since half the internet is on cloudflare and it’s easy to find whitelisted domain. But yes, whitelists are officially here. You can write in research papers 2026/01/14 is day when whitelists have come to this country.
Well, i.e. YouTube works with very simple spoofing; Discord requires more advanced spoofing.
Simple spoofing like simple ByeDPI configurations stopped working effectively.
They seem to have different blocking mechanisms for different types of traffic.
It looks like several Tor relay IPs are whitelisted (I don’t mean the mobile networks’ whitelists) now, but not all relays.
According to updated data, this is likely an expansion of blocking to new regions. 16 KB, anti-fake, etc.
But why?
1 Like
No clue.
As a fun fact, the direct Tor connections look like randomized fake-domain requests. (without any configuration from the end-user)
www.randomized-domain-name-gibberish.com
The direct connections work better with packet splitting.
We can probably only theorize: to identify Tor users, they control the specific whitelisted nodes (I doubt that possibility as the nodes are pretty random), they just got sloppy with the TSPU stuff; understaffing, etc… This is most likely temporary.
It seems like WhatsApp is blocked by IP now, “advanced zapret configs” don’t help with “unblocking it”.
Vanilla snowflake is dead. Since the whitelists, none of the cdn77 addresses used for bootstrapping work, there is not enough data since 16kb block. Logs showing connection getting stuck at 30%, no errors, just infinite keep-alive session in wireshark with origin front=any.cdn77.domain and its ip
Are there any cdn77 domains that can be used for bootstrapping that are in whitelists?
Jan 17 12:01:21.000 [notice] Managed proxy “client”: connected
Jan 17 12:01:21.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jan 17 12:01:22.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 17 12:01:22.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Jan 17 12:01:22.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Jan 17 12:01:22.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Jan 17 12:01:24.000 [notice] Delaying directory fetches: No running bridges
Jan 17 12:01:32.000 [notice] new bridge descriptor ‘xxx’ 192.xxx
Managed proxy “client”: trying a new proxy: sending reset packet in non-established state: state=Closed
then it loops, gets stuck and continues being silent. I think censors don’t do 16kb block anymore, this is 0kb block now, because if on 14th I was able to wget some parts of media (around 20kb) from my website, now I get 0 bytes. Maybe it was deliberately done so low bandwidth things like snowflake or torrent trackers that use less than 16kb of data to fetch peers die as well? Is i2p bootstrap also screwed? Can someone check, my i2p runs 24/7 and I always made peer backups so never used bootstrap because of stuff like this, and yes, technically google amp cache is such backup too, but I’m talking vanilla
You’re right, it might be temporary. It’s also good that Tor can’t be blocked so easily by IP, especially snowflake.
Yes, but that’s as long as the broker fronts are reachable… 
I haven’t seen much activity from Roskomnadzor in the last couple of weeks. This might be related to this.
4 Likes
They usually passively come up with new censorship filters.
They asked the whitelisted companies to isolate their customer services from their pages.
The technical department operates independently. On the other hand, this person worked in the coordination department and was responsible for monitoring and setting tasks.
1 Like
More reports of problems connecting to bridges. It’s not clear what type.