Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP’s), this is unacceptable as this is the only way I can connect to Tor in my country.
obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?
A call for action is needed, additionally, please also add information about this to the “How to set up a Relay / Bridge” pages.
<div>Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP's), this is unacceptable as this is the only way I can connect to Tor in my country.</div>
<div> </div>
<div>obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?</div>
<div> </div>
<div>A call for action is needed, additionally, please also add information about this to the "How to set up a Relay / Bridge" pages.</div>
Hi,
Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP's), this is unacceptable as this is the only way I can connect to Tor in my country.
obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?
A call for action is needed, additionally, please also add information about this to the "How to set up a Relay / Bridge" pages.
Please do something.
Regards,
Anonymous
Running in iat-mode=2 requires more than editing the obfs4 bridge config in $DATADIRECTORY/pt_state ?
I wonder why it is not possible to have the bridge client negotiating the iat-mode when connecting to a bridge. So that all obfs4 bridges could run in iat-mode 0, 1 and 2. By reading the obfs4 spec I can see only these 3 possible values for iat-mode, is there any other?
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
For all Bridge Admins:
You can turn change iat-mode with this config entry in your torrc:
ServerTransportOptions obfs4 iat-mode=2
Good Luck.
···
Gesendet: Donnerstag, 20. Januar 2022 um 14:32 Uhr
Von: "gus" <gus@torproject.org>
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!
Hi Anonymous,
I'm curious about in which country iat_mode is useful. Could you tell us?
<div>Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP's), this is unacceptable as this is the only way I can connect to Tor in my country.</div>
<div> </div>
<div>obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?</div>
<div> </div>
<div>A call for action is needed, additionally, please also add information about this to the "How to set up a Relay / Bridge" pages.</div>
Hey,
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
For all Bridge Admins:
You can turn change iat-mode with this config entry in your torrc:
ServerTransportOptions obfs4 iat-mode=2
Good Luck.
Hello,
Wasn't that iat-mode can be used either at one side either at both sides?
E.g. if you use only at your side (client) iat-mode=2 but the bridge runs with iat-mode=0, then only your client will inject traffic but it might still be enough to bypass the filters of the censor.
Of course if both sides (client and bridge) use iat-mode=2 both sides contribute and offering a higher degree of obfuscation, but still, worth trying with just client set to iat-mode=2 and bridge set to iat-mode=0 just so we know here.
So, could you please get an obfs4 bridge from the usual location (bridges.torproject.org) that has a iat-mode=0 (like tha majority of course) and run it in your client with an overwritten iat-mode=2 setting, then tell us if it connects to Tor? This will let us know how helpful the current iat-mode=0 obfs4 bridges are for Iran.
I am spinning 10 new bridges within 24 hours with obfs4, ipv6, low ports and iat-mode=2 natively for Iran anyway, just because you mailed us, but still if you could try what I suggested and let us know it would be great.
> because one person using Tor was sent to jail recently even though he did nothing wrong.
From the point of view of law or sharia, all people are guilty. But there is no law to criminalize those who use Tor. Unless there is evidence of criminal content in their device.
You should not store anything on your device. If this is not the case or the person has not set up a proxy on a server, and the trial only mentions the use of Tor, can you give me more information about him? Maybe I can help.
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
For all Bridge Admins:
You can turn change iat-mode with this config entry in your torrc:
ServerTransportOptions obfs4 iat-mode=2
Good Luck.
Gesendet: Donnerstag, 20. Januar 2022 um 14:32 Uhr
Von: "gus" <gus@torproject.org>
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!
Hi Anonymous,
I'm curious about in which country iat_mode is useful. Could you tell us?
On Thu, Jan 20, 2022 at 01:52:28PM +0100, juckiuscaesar@web.de wrote:
> <html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
> <div>Hi,</div>
>
> <div> </div>
>
> <div>Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP's), this is unacceptable as this is the only way I can connect to Tor in my country.</div>
>
> <div> </div>
>
> <div>obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?</div>
>
> <div> </div>
>
> <div>A call for action is needed, additionally, please also add information about this to the "How to set up a Relay / Bridge" pages.</div>
>
> <div> </div>
>
> <div>Please do something.</div>
>
> <div> </div>
>
> <div>Regards,</div>
>
> <div>Anonymous</div>
> </div></div></body></html>
Yes is true, but this does not work, I think they use DPI devices and if obfs4 / underlying Tor signature is detected, a permanent block for that bridge is added to firewall rules. I tried this many times, only when both side have iat-mode=1 or 2, it is undetected.
If one side has iat-mode=0, internet service provider permanently blocks access to the subnet of the bridge IP (/24), even ICMP / ping don't work anymore for all 255 ip's.. it's sad.
Thank you for hosting bridges, really!! Please make 5 with iat-mode 1 and 5 with iat-mode 2, just in case one iat-mode get's blocked.
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
For all Bridge Admins:
You can turn change iat-mode with this config entry in your torrc:
ServerTransportOptions obfs4 iat-mode=2
Good Luck.
Hello,
Wasn't that iat-mode can be used either at one side either at both sides?
E.g. if you use only at your side (client) iat-mode=2 but the bridge
runs with iat-mode=0, then only your client will inject traffic but it
might still be enough to bypass the filters of the censor.
Of course if both sides (client and bridge) use iat-mode=2 both sides
contribute and offering a higher degree of obfuscation, but still, worth
trying with just client set to iat-mode=2 and bridge set to iat-mode=0
just so we know here.
So, could you please get an obfs4 bridge from the usual location
(bridges.torproject.org) that has a iat-mode=0 (like tha majority of
course) and run it in your client with an overwritten iat-mode=2
setting, then tell us if it connects to Tor? This will let us know how
helpful the current iat-mode=0 obfs4 bridges are for Iran.
I am spinning 10 new bridges within 24 hours with obfs4, ipv6, low ports
and iat-mode=2 natively for Iran anyway, just because you mailed us, but
still if you could try what I suggested and let us know it would be great.
today I heared he was released because his devices did not contain حَرَام / haram contents.
Thanks very much but I have to leave this mailing list now, I might re-join under a different e-mail provider I don't want to get detected and use tor only as little as possible to get uncensored news.
Bye bye brothers, peace for all.
···
Gesendet: Dienstag, 25. Januar 2022 um 14:51 Uhr
Von: "gus" <gus@torproject.org>
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!
Hi,
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
This look very serious. Can you share more information? There are many
HRD organizations from Iran that we can contact to follow up this case.
From where you get the advice that using bridges 'iat-mode=2' will
protect you? Can you link here?
I live in Iran. Can't disclose my ISP because one person using Tor was sent to jail recently even though he did nothing wrong.
For all Bridge Admins:
You can turn change iat-mode with this config entry in your torrc:
ServerTransportOptions obfs4 iat-mode=2
Good Luck.
Gesendet: Donnerstag, 20. Januar 2022 um 14:32 Uhr
Von: "gus" <gus@torproject.org>
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] We need bridges with iat-mode set to 1 and especially 2 as well!
Hi Anonymous,
I'm curious about in which country iat_mode is useful. Could you tell us?
On Thu, Jan 20, 2022 at 01:52:28PM +0100, juckiuscaesar@web.de wrote:
> <html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>
> <div>Hi,</div>
>
> <div> </div>
>
> <div>Setting up more and more obfs4 bridges is fine, but it literally took me 1 hour to get a bridge supporting iat-mode=2 through https://bridges.torproject.org[https://bridges.torproject.org] (that is knowing how to circumvent the fingerprinting measures on that site, which are intended to make it harder for adversaries to get bridge IP's), this is unacceptable as this is the only way I can connect to Tor in my country.</div>
>
> <div> </div>
>
> <div>obfs4 has the possibility to obfuscate the packet size and timing of the underlying protocol it obfuscates, so why is almost no bridge using it?</div>
>
> <div> </div>
>
> <div>A call for action is needed, additionally, please also add information about this to the "How to set up a Relay / Bridge" pages.</div>
>
> <div> </div>
>
> <div>Please do something.</div>
>
> <div> </div>
>
> <div>Regards,</div>
>
> <div>Anonymous</div>
> </div></div></body></html>
Yes is true, but this does not work, I think they use DPI devices and if
obfs4 / underlying Tor signature is detected, a permanent block for that
bridge is added to firewall rules. I tried this many times, only when both
side have iat-mode=1 or 2, it is undetected.
If one side has iat-mode=0, internet service provider permanently blocks
access to the subnet of the bridge IP (/24), even ICMP / ping don't work
anymore for all 255 ip's.. it's sad.
Thank you for hosting bridges, really!! Please make 5 with iat-mode 1 and 5
with iat-mode 2, just in case one iat-mode get's blocked.
Done, 16 days ago.
A few dozen more are coming in 2-3 weeks.
