I noticed that when I get bridges for tor, iat-mode setting is already set to different values (0-2). Based on my own research, iat-mode is an obfuscation setting, where 0 is supposedly no obfuscation, and 2 is maximum obfuscation (correct me if I’m wrong). I edited the iat-mode of one of the bridges I was provided from 0 to 2, and for some reason when I opened nyx to see info about my connections, it only used the bridge where iat-mode (originally set to 2) was unedited/provided as is on the tor bridges webpage, and after connecting to the bridge where I edited iat-mode, it gave me “general SOCKS server failure” a second later and switched to unedited bridge. I checked the tor relay search, searched by fingerprint of the bridges, and both bridges seem to be running.
No, you can’t. The bridge owner can specify their iat-mode and this is the obfuscation mode that will be used when sending traffic from the bridge to you. You can specify yours, but this will be the mode for sending data from you to the bridge. On average, a Tor user receives much more data than he sends to the network. Therefore, the most important thing here is the iat-mode that is installed on the bridge.
But afaik the DPI machine would only check the outbound traffic.
Never heard of such a thing. If it is really necessary, why not use a bridge with iat2 on both the bridge and the client? There is a risk that a non-standard configuration, when the user sets one mode, and the bridge expects another, will stand out among the traffic
For example, in HTTP(S), its response is always larger than the request, but the most common censorship-targeted information is the Host header and TLS SNI, all in the request. China has stopped filtering HTTP HTML responses since 2008.
But from this, different places may differ.
I agree that it’s non-standard. But the OP is asking if it’s possible, be able to or not, no?
No idea why it failed, as they said. The iatMode seems to not affect read/receive.