Technology Preview: Bridge by default for Microsoft Windows clients

by phobos | June 6, 2010

We keep hearing from people around the world that clicking the 3 buttons to turn yourself into a bridge is too difficult todo for most users. These people have repeatedly asked for a "bridge by default" configuration in a package. Here it is: http://archive.torproject.org/tor-package-archive/technology-preview/

When you install and run this package, you are a bridge relay helping censored users around the world access Tor and the uncensored Internet.
To understand more about bridges, read https://sedvblmbog.tudasnich.de/bridges.

This is the installable Vidalia bundle configured to be a bridge by default. This is Tor 0.2.2.13-alpha, Vidalia 0.2.9, Polipo 1.0.4.1. The only difference between this bridge-bundle and the vidalia-bundle is the bridge configuration.

When started, Vidalia attempts to use UPnP to reconfigure any NAT/router device to open port 9001 for tor and 9030 for a directory mirror. The bandwidth is set to consume greater than 1.5 Mbps. It works just like the vidalia-bundle (because it is the vidalia-bundle) where if UPnP fails, it prompts you to open the correct ports on your NAT/router.

None of this is final configuration. It is merely a "does it work for you?" test package. So far, it's worked on the 4 different networks I've tried. Apologies to the 300 Chinese users who used my bridge on one of the test networks, only to have it go away a day later.

Update 2010-06-11: Fixed a vidalia.conf issue which wasn't a problem, but looked like the controlport was open and un-authenticated. uploaded new binaries and removed the old ones. The bridge-bundle nsi file that creates this bundle is in Vidalia svn. Just replace vidalia-bundle.nsi.in with the bridge-bundle.nsi.in and create your bundle.

Comments

Please note that the comment area below has been archived.

June 06, 2010

Permalink

I'd downloaded and installed this version of Tor, and I can ping the default bridges. But I can't connect to Tor network.

Jun 07 11:37:35.542 [Notice] Bootstrapped 10%: Finishing handshake with directory server.
Jun 07 11:37:35.759 [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 3; recommendation warn)
Jun 07 11:52:37.845 [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 6; recommendation warn)

June 06, 2010

Permalink

Very good, but I ask: Why put the bridges on port 9001? Doesn't that make it extremely easy to block?

Any port is easy to block. The point of this is a technology preview, not final configuration. It's unclear that port 443 is less likely to be blocked than 9001, or heck 31337. However, concern about 9001 standing out is registered.

June 10, 2010

In reply to phobos

Permalink

Actually, not all ports are so easy to block. 443, for instance, would not be so easy to block for obvious reasons. Any *single* port aside from 443 and a handful of others, if assigned to all Tor bridges, would be easy to block. What wouldn't be so easy to block, would be if all of those UPNP-based automatic port opening clients chose a port at random from a pool, say 1024-65535. :)

June 07, 2010

Permalink

This may happen fairly often: A nonexpert user would like to try a Linux distribution on a Windows machine, but wants Tor (preferably with the latest Vidalia) and is not confident that he could get it going on most (if any) distributions. From web search I have formed the impression that installation would be much easier on some distributions than on others. The impression.

Is there a resource that identifies which Linux distributions are most amenable to Tor/Vidalia installation by the nonexpert? Would anyone who knows kindly identify the distributions here? Information would be appreciated, so thanks in advance.

We maintain our own repositories for tor rpms and debs for linux distributions. See https://sedvblmbog.tudasnich.de/download-unix.html.en Most native distribution repositories are out of date with respect to Tor versions.

Windows and Mac operating systems are reliant on the user either noticing new versions through Vidalia prompts, or subscribing to this blog's rss feed or or-announce mailing list.

June 07, 2010

Permalink

> the 300 Chinese users who used my bridge on one of the test networks,
> only to have it go away a day later.

For the past dozen of weeks, I've experienced the same problem. Whenever I retrieved a few new bridges via gmail, they would go away soon (less than a day) if they did work for the first time. Most of them didn't work at all. It's dubious that Tor traffic is being monitored and screened by some kind of automatic mechanisms. We just can't image that this is all done by hand.

It'd be better if we look into more robust bridging systems, and double check whether the tor traffic has some kind of easily discernible protocol signature or not. I'd like to be a volunteer for the tests if you need any, I hold a degree on computer science.

Current testing from within China shows simple IP:port blocks. We've found that bridges are more volatile than relays. People seem to set them up with a temporary mindset. Yes, we need a better way to bootstrap into the network if the default public relay list doesn't work.

June 07, 2010

Permalink

Why not make the default configuration be a relay for all Tor? This effectively turns Tor into a darknet, but not a F2F net, since users don't need to know and trust each other beforehand.

June 08, 2010

Permalink

Yes, this will make it more difficult for the damn GFW to block tor user in China mainland. Thank you very much.

June 08, 2010

Permalink

This will make it more difficult for the damn GFW to block tor users in China mainland. Thank you very much.

June 08, 2010

Permalink

This will make it more difficult for the damn GFW to block tor users in China mainland. Thank you very much.

June 10, 2010

Permalink

Tor is great. Using other proxies, I can be very proud that members of this community are really working hard.
I would love to contribute to the improvement of Tor but at the same time remain very very anonymous. How?
Can I use my Forex platform with Tor though it's experimental, if yes how do I configure such.

June 12, 2010

Permalink

Another thing:
please move from gmail to another email provider for sending bridges.
Depending on you ip address, gmail may ask for SMS VERIFICATION.
This is not a joke, see http://googlesystem.blogspot.com/2009/07/creating-gmail-account-require…
I and many people don't have cell phones, and it makes creating gmail accounts harder as a proxy or tor exit node in a country without the verification is needed, and many people will be unable to get them, even for people with cell phones many carriers are not supported and I have heard of many cases of people entering the number, not getting the sms, and then they could not use the number again as it has already been used a few times.
Even the people with cell phones who care about privacy will not accept this, no other free webmail provider involves these kinds of privacy violations for setting up an account, tor should not require the webmail provider with the most privacy violations, please move to a differerent webmail provider that is more secure and accessible.

We are aware of this. The issue is gmail may require an sms verification, frequently it does not. gmail seems to ask for sms verification when lots of new account requests occur from a single IP, like a tor exit node. We're working on incorporating other email providers that offer ssl and provide dkim headers.

Ticket https://trac.torproject.org/projects/tor/ticket/1562 is to track this progress.

Hi!!!!!!!!!!!!!!!!!!!!!!!!!!!

Very good post Anonymous!!!!!!!!!!!!!!!

All people using google services are dumb, i don't know why they want to land all their personal details to the evilest multinational company ever!!!!!!!! Google is the only web search engine awarded of the Hostile to Privacy black medal, due to its practice of data-gathering just through their public search engine!!!!! Look at the Consultation Report 2007 of Privacy International http://www.privacyinternational.org/issues/internet/interimrankings.pdf !!! Yeah, I know it's a shame that the TorProject forces you to register to google!!!!!! hopefully that's going to change!!!!!!! By the way, Google has added the phone verification after, in a later time when Tor was already using gmail, so the TorProject is actually a victim of Google as well!!!

I've never registered one Gmail account, because i know it's for sure the worst email service ever!!!!!!!!!!!!! But due to my curiosity, i went to look for their registration policy and i also noticed that every time Google asked me for my cellphone number!!!!! Hah!! They want to link each email address with a cellphone, no more "anonymous" accounts filled up with fake personal details!!!!!!! Google is very evil, and people caring about theirs privacy mustn't use anything provided by or related to Google!!!!!!!

I'm currently using GMX as my email provider, it has one interface better than Yahoo Mail and it provides the HTTPS connection!!!!!!!! https://www.gmx.com/

bye!!!!!!!!!!!!
~bee!!!!!!!!

June 14, 2010

Permalink

Hi Bee,

>>I've never registered one Gmail account
>>it has one interface better than Yahoo Mail

You've never registered one Gmail account? It has one interface? You're Chinese, aren't you. Using a literal translation of 一个 is a classic grammatical mistake made by Chinese speakers of English. Remember, English has an indefinite article ("a"). English goes not use "one" in this way.

If you had been paying attention in English class you would have said, "I've never registered a Gmail account", and "It has a better interface than Yahoo Mail".

Hahaha, me too, I think bee is a moron and so so arrogant.

Even if bee is Chinese I think bee would know enough to not be so arrogant and brash and not use so many damn exclamation points. It's funny to me that bee has been booted out of lots of online communities like Mozilla blog, Wikipedia (bee tried to make a page for bee's unnecessary option to Tor Browser Bundle only to have Wikipedia people delete his page right away and stop him from making another) and now, thankfully, the Tor devs are also shunning bee...happy days!

Hi!!!!!!!!!!
That's quite wrong!!!!! Well, at wikipedia, they did removed my page about factorbee, but they also explained me that it's possible to make it again, when i'll find articles talking about my browser bundle!!!!!! yeah!! and also, there is for example my bee su at Wikipedia, i added it long time ago in its proper page http://tinyurl.com/27pfbv5 !!!!!!!! (there are plenty of articles about bee su, so that's ok!!!!!!!!!!)
What is strange about wikipedia, is when you send emails to Jimbo (the dictator of wikipedia), and the team of wikipedia answers in place of him!!!!!!!! I don't think that is what you had to expect!!!!
As for AMOs, read Googlezilla, they're usual to remove all the posts they dislike, so they did it with mine as well!!!! I decided to leave, because i don't like AMOs!!!!!!!!!!!!!!! i never liked them!!!!! AMO sucks!!!!! They're usual to censor everything you say against google and them!!!!!!!
I don't know about what you said about TOR, but i think it's mostly untrue!!!!! Since i'm here, and so far only mike perry proved himself to be nasty with me!!!!!!!!!!! But i very like phobos (the blogger), erinn (which has accepted my suggestion for the TorBundle with Openssl) and andrew (which for first sent me nice emails)!!!!!!!!!
A website you forgot to mention is fedora-forum!!!!! There are a lot of people, and admins, liking me!!!! but i decided to leave because it has gone downhill, turned into a boring place and therefore one admin banned me!!!!! hahah!!!!!!!!!!! yeah, it's no more honey like it was in the past, i've never had an afterthought about quit that board!!!!! this is funny!!!!!!!!!!
Anyway, it seems to me like you've some troubles with english too!!!!!!!!! If you write "out of lots of online communities" and you give only two, maybe three, examples!!! well yeah, it's just one or two more than "one"!!!!!!! yeah!!!! it's not really the meaning of lots of!!!!!!!!!!!!!! Out of "a couple of"/"a few of" online communities seems to me to have a better logic!!!!!!!!!! is it?!!!!!!!!!!!!!!!?!!

bye!!!!!!!!!!!
~bee!!!!!!

As a Chinese tor user, I am grateful for the great things torproject did.
I don't know whether Bee is Chinese. Even he is, what bee did just represent himself, does not mean Chinese is arrogant.
Even if Bee deserved being taunted, that should because of his arrogant behavior, not just because he is a Chinese made some grammatical mistakes.

June 18, 2010

Permalink

You can no longer connect to filesurf.ru unless you get rid of all entryNodes and exitNodes entries.

June 24, 2010

Permalink

Pls my tor is no longer connecting on my MTN network here in nigeria. Whats going on.?

June 26, 2010

Permalink

as Mtn finally block tor?cos it has not been connecting, please can someone please help with a better way to get connected to Tor servers please.....

June 29, 2010

Permalink

I am from Nigeria and have been using tor for awhile now. But I just discovered that tor has not connected for a week now. I use MTN NIGERIA to connect to tor. Pls help out

June 29, 2010

Permalink

In Nigeria, we could not connect with tor anymore. This is message we get 'Establishing an encrypted directory connection'.
This is where the tor stays until u exist it by yourself. I use MTN Nigeria and so as others that are experiencing the same problem. Also,the relays are never loaded.
Thanks in anticipation