From ad72f59d1a4c45016a66fb9408bdd1e7444e1369 Mon Sep 17 00:00:00 2001 From: pterocles Date: Tue, 16 Aug 2022 11:45:04 -0400 Subject: [PATCH 1/3] Small addition: add link to meek-azure documentation for iOS * add link to commit where iOS Onion Browser dropped meez-azure: "Removed Meek Azure bridge [support], since Microsoft announced starting to block it." * Remove dupe reference to footnote #522 and #523 (document will now render this as reference #516) * Add link to Tor Project: "Run Tor Bridges to Defend the Open Internet" Signed-off-by: pterocles --- guide.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/guide.md b/guide.md index aca1209..f183600 100644 --- a/guide.md +++ b/guide.md @@ -2165,7 +2165,7 @@ While the official Tor Browser is not yet available for iOS, there is an alterna - Snowflake - - (Meek-Azure is unfortunately not available on Onion Browser for iOS for some reason) + - (Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810) for more information.) Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS. @@ -11694,17 +11694,17 @@ Each Virtual Machine is a sandbox. Remember the reasons for using them are to pr In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. -In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). +In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]][] yourself, as this would greatly help reduce the amount of censorship in the world. Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521]. *Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]][1387] -Here is the definition from the Tor Browser Manual[^522]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges". +Here is the definition from the Tor Browser Manual[^523]: "obfs4 makes Tor traffic look random and prevents censors from finding bridges by Internet scanning. obfs4 bridges are less likely to be blocked than its predecessor, obfs3 bridges". Some of those are called "Meek" bridges and are using a technique called "Domain Fronting" where your Tor client (Tails, Tor Browser, Whonix Gateway) will connect to a common CDN used by other services. To a censor, it would appear you are connecting to a normal website such as Microsoft.com. See for more information. -As per their definition from their manual[^523]: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". This is a type of "domain fronting" [^524]. +As per their definition from their manual: "meek transports make it look like you are browsing a major web site instead of using Tor. meek-azure makes it look like you are using a Microsoft web site". Snowflake bridges make it appear like your connections are phone calls to random internet users. This is a type of "domain fronting" [^524]. See ["domain fronting"](https://www.bamsoftware.com/papers/fronting/#sec:introduction) from the link in the previous paragraph for a detailed explanation of these types of secret "bridges". Lastly, there are also bridges called Snowflake bridges that rely on users running the snowflake extension in their browser to become themselves entry nodes. See [[Archive.org]][563]. @@ -13437,8 +13437,6 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [^521]: GitHub, Obfs4 Repository [[Archive.org]][1348] -[^522]: Tor Browser Manual, Pluggable Transport [[Archive.org]][1349] - [^523]: Tor Browser Manual, Pluggable Transport [[Archive.org]][1349] [^524]: Wikipedia, Domain Fronting [[Wikiless]][1350] [[Archive.org]][1351] @@ -15126,5 +15124,6 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte [1385]: https://web.archive.org/web/20220516000616/https://officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo [1386]: https://web.archive.org/web/20220720023429/https://leakuidatorplusteam.github.io/ [1387]: https://web.archive.org/web/20220801151048/https://support.torproject.org/glossary/moat/ + [1388]: https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/ [1389]: media/image59.png From 4ec157fba37e3f1b2126af94522373036bfe310b Mon Sep 17 00:00:00 2001 From: "T. H" Date: Wed, 17 Aug 2022 01:29:22 -0400 Subject: [PATCH 2/3] Mention running bridge types ranked by difficulty * To run any of them, it only requires small knowledge of Linux. this places the information required into the realm of possibility, even for unseasoned Linux users. * Note: there are many guides on both Tor Project and Stack Overflow. * Consider running either the 1st or 2nd options as they are the easiest. Signed-off-by: pterocles --- guide.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/guide.md b/guide.md index f183600..6b25496 100644 --- a/guide.md +++ b/guide.md @@ -2095,6 +2095,14 @@ Please see [Appendix Y: Installing and using desktop Tor Browser]. - Snowflake +- **If your internet isn't censored**, consider running one of the bridge types to help the network! + + - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. + + - Medium: Snowflake - More about Snowflakes here. + + - Hard: Meek - This is the documentation. It's not as simple. + Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Meek-Azure. Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option to obfuscate your Tor activities if needed and Microsoft servers are usually not blocked. *Only available for Desktop Tor users: Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).* [[Archive.org]][1387] @@ -2167,6 +2175,14 @@ While the official Tor Browser is not yet available for iOS, there is an alterna - (Meek-Azure is unfortunately not available on Onion Browser for iOS (See [commit 21bc18428](https://github.com/OnionBrowser/OnionBrowser/commit/21bc18428368224507b27ee58464ad352f4ec810) for more information.) +- **If your internet isn't censored**, consider running one of the bridge types to help the network! + + - Easy: Obsf4 - You can run your own Obsf4 easily with these instructions. + + - Medium: Snowflake - More about Snowflakes here. + + - Hard: Meek - This is the documentation. It's not as simple. + Personally, if you need to use a Bridge (this is not necessary for a non-hostile environment), you should pick a Snowflake one (since Meek-Azure bridges are not available). Those will probably work even if you are in China and want to bypass the Great Firewall. It is probably the best option you have on iOS. - You are almost done From 38ebe5bee4d0252a94b1be8aa563bdb946819585 Mon Sep 17 00:00:00 2001 From: pterocles Date: Wed, 17 Aug 2022 01:35:49 -0400 Subject: [PATCH 3/3] Fix missing Archive.org link * Missing archive link fix Signed-off-by: pterocles --- guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 6b25496..6a9a8d7 100644 --- a/guide.md +++ b/guide.md @@ -11710,7 +11710,7 @@ Each Virtual Machine is a sandbox. Remember the reasons for using them are to pr In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. -In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]][] yourself, as this would greatly help reduce the amount of censorship in the world. +In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation [[Archive.org]][244] and Whonix Documentation [[Archive.org]][337]). Optionally, if you are able, you should (seriously!) consider running a bridge [[Archive.org]](https://web.archive.org/web/20220708014922/https://blog.torproject.org/run-tor-bridges-defend-open-internet/) yourself, as this would greatly help reduce the amount of censorship in the world. Bridges are special Tor entry nodes that are not listed on the Tor public directory. Some of those are running on people running the Snowflake Browser extension[^520] while others are running on various servers around the world. Most of those bridges are running some type of obfuscation method called obfs4[^521].