Dear Tor relay operators,
We’re excited to announce WebTunnel, a new bridge pluggable transport (PT) for the Tor ecosystem. It is a censor resistant proxy that try to imitate HTTPS traffic, based on HTTPT research. We are currently operating a trial soft launch for WebTunnel, and encourage bridge operators to set up WebTunnel bridges to discover issues within the implementation of this new pluggable transport.
When connecting to a WebTunnel Bridge, the client send a http 1.1 upgrade request to the load balancer over an encrypted connection, like how WebSocket works. Thus, from an observator’s point of view, this process looks like a real websocket connection to the real website. If one ever try to connect to the fronting website, then what will be presented will be that fronting website. Without the full URL including the path, which the censor don’t know, it is very difficult to tell if a website hosts a WebTunnel by probing the HTTPS port.
To set up a WebTunnel Bridge, you will need a self-hosted website, a domain under your control,a configurable load balancer, static IPv4, and environment to setup Tor Bridge to setup a WebTunnel Bridge. Docker or other container runtime is recommended to streamline setup process, but is not required.
The setup guide is available here: The Tor Project / Anti-censorship / Pluggable Transports / WebTunnel · GitLab
You can test the WebTunnel bridge by using themost recent version of Tor Browser Alpha. Currently, WebTunnel is only distributed over the HTTPS distributor(torrc setting:‘BridgeDistribution https’).
You can report issues on the Tor Project GitLab Anti-censorship group:
The Tor Project / Anti-censorship / Pluggable Transports / WebTunnel · GitLab.
Given that this new PT is only available now on Tor Browser Alpha, relay operators should not expect significant usage or a large number of users at the moment.
Please let us know if you encountered any difficulty with WebTunnel setup. Thanks for your contribution to the Tor ecosystem.