China blocking Tor: Round Two

Experts in China tell us Tor is not being singled out, that all "circumvention" tools are being subjected to the censorship regime of the Great Firewall of China as politically sensitive anniversaries come about. We also hear people in China need their privacy too, even if they never leave the Chinese Internet.

However, it appears China is getting better at blocking Tor. Here's a graph of returning users to the Tor Network from China:

However, most Tor users in China switched to non-public relays, called bridges, over the past few months. Interestingly, the GFW has also started blocking some of the more popular bridges:

All of this data, and more, are available at http://metrics.torproject.org/.

Run a bridge, help someone else get to their favorite websites and forums.

Anonymous

March 11, 2010

Permalink

I would GUESS not but is there a way to tell if the bridge one was might be one that was blocked?

I have has problem after problem after installing the last two versions to the point of about giving up.

Anonymous

March 11, 2010

Permalink

Excuse me a way to tell if the Bridge I was running has been blocked?
And again I would guess not as I had reinstalled and still am about to give up.

JustMe

Anonymous

March 11, 2010

Permalink

Excuse me a way to tell if the Bridge I was running has been blocked?
And again I would guess not as I had reinstalled and still am about to give up.

JustMe

Anonymous

March 11, 2010

Permalink

I'm currently behind GFW. I added the bridges and am still blocked. :( It shows "establishing an encrypted directory connection failed (done)". I wonder how those 10k users climbed over the damn wall.

just repeat stop TOR/ start TOR from the control panel as long as you get through, don't waste your time waiting for 'establishing encrypted ...'
TOR seems to memorise working constellations, so connect every day, otherwise you'll get stuck with TOR trying out previously working bridges.

Anonymous

March 11, 2010

Permalink

To the Tor developers: Please make all new Tor users bridges by default, not just clients.

Anonymous

March 13, 2010

Permalink

it's hard to climb the GFW in China now.

yeah finally i get though the GFW,it sucks!!

Some bridge works and some doesn't.I use ping and telnet to check the bridges.All ping good,but some can't telnet ,and some return immediately with exit. The result of tor with these bridges is "establishing an encrypted directory connection failed (done)".And i tryed 2 day to find a useful bridge. With this bridge, ping and telnet return both good.

BTW,the captcha's image is too hard to read,i have try 3 times to get through.

I don't understand the link to 'http://metrics.torproject.org/' as it only appears to be "The Tor Translation Portal"? Do I need to register to see purty graphs?

http://metrics.torproject.org/ is the metrics portal. The Translation Portal is a different virtual host on the same IP address for now, but only at https://translation.torproject.org. What browser are you using that isn't requesting the website by name? If you request the website by IP address, you'll receive the translation portal.

Right, thanks for the reply. I've figured it out. I have the NoScript Firefox add-on configured to rewrite http:// to https:// on secure sites like *.torproject.org. It's just something I've done for a while now as I find a fair few https:// sites have a habit of falling back to http:// here and there if/when they mess up the hyperlinks, so I tend to force it for security. .............................................................................................................................

So any way, clicking http://metrics.torproject.org/ was being rewrote to https://metrics.torproject.org/ by NoScript which then ended up redirected by the server to https://translation.torproject.org/, I guess... :)

tor can vist anywhere,is the real proxy. I can`t leave her. Now,chian has blocking bridge, I keep chang the bridge this svere days, so bad ,no one work.,even it cuold ping.

I try this three bridge 91.194.60.102:443
bridge 24.247.112.27:443
bridge 88.198.1.68:8080

right now ,but do not work.

( I use the free gate to get here. )

I am a Chinese who have just successfully crossed the GFW, like six months ago the my tor intergrated within a firefox proved to be useless. I couldnot connect any server and even I luckly made one the speed was dreadfully slow. Now I am using an openvpn to browse your blog and I wanna know there is really no way to fight the GFW back and relive tor in China?

From our testing, using Tor in China requires bridges. China GFW is quite successfully blocking most of the public tor relays.

fucking crazy GFW, see my middle finger.
I met the following problem:
"establishing an encrypted directory connection failed (done)".
I need help to over GFW now!

So GFW admins can send a 'get bridges' email and block new bridges as soon as they come out. I feel this is what is happening, I am having to Change bridges every other day. This was not the case 6 weeks ago.

Yes, they can. We take this into account when giving out bridges. In order to share information, you have to assume the adversary is going to receive the information as well. Right now it seems China is blocking 50% of bridges given out via https. We've released bridge addresses via other methods since October that are 100% working even today.

waiting for you to deal this new challenge.

A Chinese Boy want freedom~~

did you try different port numbers in firewall settings in network section.

My Tor browser was working past few days until last night. I have about 20 relays. So I definitely know some are getting through.

Everytime I tried to load Tor Browser (Tor/Polipo/Vidalia), tor.exe would crash.

WTF.......

tor.exe keeps crashing now, whats happening?

I am a college student in China and have a new problem coming out in March that even if I use the latest bridge addresses sent by E-mail, Tor is difficult to be connected. I GUESS GFW is blocking bridges now and I hope we can have some counter-plans.

Same here in Beijing. Tried a series of new private bridges. None works. I'm guessing its no longer a problem of bridges being blocked, but some essential function of tor is being blocked...

I see many users from China on a bridge running here, so it might be that a lot of blocked bridges haven't noticed/reconfigured yet to fix the original problem.

You are right....After seeing your reply I emailed for new bridges again. Received four, one of which I didn't have and it connected.

Wellm spoke too early. After a few hours, it stopped working again. Emailed again for new bridges, received four more new ones, but none of them actually work!

I agree with one poster above, maybe its time to make all new installs of the tor software as bridges by default. If p2p works, I can't see why each user being a bridge would not work.

The newest bridges got from mail is not working.
Or maybe I have other problems in setting?
I've no idea...
Do u guys have the same issue here?

Yes. Unfortunately I have the same problem. None of the bridges I got via email worked. Now am climbig the wall using psiphone. Not sure how long this will last. What are the other methods of releasing bridges that where talked above?
The ones on the website seem to be blocked too.
These guys are realy going on my nerves!

My experience is that the GFW is monitoring the Gmail (from google) now, If a chinese send a mail to: bridges@torproject.org, GFW will automatically monitor the Gmail he used, they can read all they want to read in this Gmail, so the bridges will be blocked in a short time--after the GFW machine was set up. So the point is how to send and receive bridges safely.

r you sure????
gmail uses https

The gfw admins can sign up for gmail too.

GFW is monitoring the Gmail now, so the problems above are just so so ...

The piont is how to send your mail safely. Windows OS is just not safe !

I really don't understand any of this. After this first happened my bridge stopped being used, usually 1000+ chinese users in my "who has used your bridge", then a couple days later 1-8 chinese users and now 50+ chinese users again? how can they still be connecting?;o

I don't know but maybe some connections manage to successfully negotiate the 3-way handshake to register as someone "who has used your bridge" before the DPI resets the connection. I have no idea but just a thought.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is the bridge still blocked? Have you reconfigured the ORPort yet?

Yes, now 2k+ users in who has used my bridge from china again!

Don't Chinese's patience....Until now I have changed about 30 groups of bridges

Once a time the Chinese didn't know how to suf the net via the bridges, and then your chinese users was little but now many Chinese knows it. so....

Let me suggest....

1. People can only get latest bridges through gmail account that are already registered 2 or more months.
2. People can not get bridges through bridges.torproject.org ( I found it's very easy to get a lot of bridges by simply clicking button "Use a New Identity" and refresh page)
3. Reduce the number of bridges display given to 2 bridges each time.

GFW starts blocking bridges.... oh my God....

torproject should change the way they provide bridges, email is never safe.

We give out bridges via 6 different methods. email is only one. We assume an adversary is going to try to discover all methods and therefore all bridges.

However to average users like me, only one method seems available: through gmail.If that's the case, whats the point?

bridges are offered by gmail, website, qq account, twitter account, and two other methods that aren't via internet.

what happens if they start blocking all of google? maybe we should be able to send e-mails through yahoo as well?

Is there a way to use the metrics to generate user statistics on any country? There are numerous graphs pre-generated for a couple dozen countries, but how would I see the number of users in Russia over a period of time?

yeah, i'm out..thank you for all your working

Hi there,
Thanks for you guys doing this. I have a business in China and need to use google sites in China.
What I recon is to charge for the bridges(100RMB/per year) and you guys can secure the bridges links(rather than simply sending auto-reply emails), not for every one to use. The user has to pay.

Currently, GFW seems blocking most of bridges, I tried couple of these yesterday. Neither worked.

What do you think?

Not good idea, GFW also can pay it and block it.

GFW techs work for a boss that can pay for the bridges... So each person should get different bridges. . . That might have a chance... but they already know who are the TOR users, and can intercept information about bridges...