China blocking Tor: Round Two

Experts in China tell us Tor is not being singled out, that all "circumvention" tools are being subjected to the censorship regime of the Great Firewall of China as politically sensitive anniversaries come about. We also hear people in China need their privacy too, even if they never leave the Chinese Internet.

However, it appears China is getting better at blocking Tor. Here's a graph of returning users to the Tor Network from China:

However, most Tor users in China switched to non-public relays, called bridges, over the past few months. Interestingly, the GFW has also started blocking some of the more popular bridges:

All of this data, and more, are available at http://metrics.torproject.org/.

Run a bridge, help someone else get to their favorite websites and forums.

Anonymous

March 11, 2010

Permalink

I would GUESS not but is there a way to tell if the bridge one was might be one that was blocked?

I have has problem after problem after installing the last two versions to the point of about giving up.

Anonymous

March 11, 2010

Permalink

Excuse me a way to tell if the Bridge I was running has been blocked?
And again I would guess not as I had reinstalled and still am about to give up.

JustMe

Anonymous

March 11, 2010

Permalink

Excuse me a way to tell if the Bridge I was running has been blocked?
And again I would guess not as I had reinstalled and still am about to give up.

JustMe

Anonymous

March 11, 2010

Permalink

I'm currently behind GFW. I added the bridges and am still blocked. :( It shows "establishing an encrypted directory connection failed (done)". I wonder how those 10k users climbed over the damn wall.

just repeat stop TOR/ start TOR from the control panel as long as you get through, don't waste your time waiting for 'establishing encrypted ...'
TOR seems to memorise working constellations, so connect every day, otherwise you'll get stuck with TOR trying out previously working bridges.

Anonymous

March 11, 2010

Permalink

To the Tor developers: Please make all new Tor users bridges by default, not just clients.

Anonymous

March 14, 2010

Permalink

Some bridge works and some doesn't.I use ping and telnet to check the bridges.All ping good,but some can't telnet ,and some return immediately with exit. The result of tor with these bridges is "establishing an encrypted directory connection failed (done)".And i tryed 2 day to find a useful bridge. With this bridge, ping and telnet return both good.

Right, thanks for the reply. I've figured it out. I have the NoScript Firefox add-on configured to rewrite http:// to https:// on secure sites like *.torproject.org. It's just something I've done for a while now as I find a fair few https:// sites have a habit of falling back to http:// here and there if/when they mess up the hyperlinks, so I tend to force it for security. .............................................................................................................................

So any way, clicking http://metrics.torproject.org/ was being rewrote to https://metrics.torproject.org/ by NoScript which then ended up redirected by the server to https://translation.torproject.org/, I guess... :)

Anonymous

March 22, 2010

Permalink

tor can vist anywhere,is the real proxy. I can`t leave her. Now,chian has blocking bridge, I keep chang the bridge this svere days, so bad ,no one work.,even it cuold ping.

I try this three bridge 91.194.60.102:443
bridge 24.247.112.27:443
bridge 88.198.1.68:8080

right now ,but do not work.

( I use the free gate to get here. )

Anonymous

March 23, 2010

Permalink

I am a Chinese who have just successfully crossed the GFW, like six months ago the my tor intergrated within a firefox proved to be useless. I couldnot connect any server and even I luckly made one the speed was dreadfully slow. Now I am using an openvpn to browse your blog and I wanna know there is really no way to fight the GFW back and relive tor in China?

Anonymous

March 23, 2010

Permalink

fucking crazy GFW, see my middle finger.
I met the following problem:
"establishing an encrypted directory connection failed (done)".
I need help to over GFW now!

Anonymous

March 24, 2010

Permalink

So GFW admins can send a 'get bridges' email and block new bridges as soon as they come out. I feel this is what is happening, I am having to Change bridges every other day. This was not the case 6 weeks ago.

Yes, they can. We take this into account when giving out bridges. In order to share information, you have to assume the adversary is going to receive the information as well. Right now it seems China is blocking 50% of bridges given out via https. We've released bridge addresses via other methods since October that are 100% working even today.

Anonymous

March 24, 2010

Permalink

My Tor browser was working past few days until last night. I have about 20 relays. So I definitely know some are getting through.

Everytime I tried to load Tor Browser (Tor/Polipo/Vidalia), tor.exe would crash.

WTF.......

Anonymous

March 25, 2010

Permalink

I am a college student in China and have a new problem coming out in March that even if I use the latest bridge addresses sent by E-mail, Tor is difficult to be connected. I GUESS GFW is blocking bridges now and I hope we can have some counter-plans.

Anonymous

March 26, 2010

Permalink

Same here in Beijing. Tried a series of new private bridges. None works. I'm guessing its no longer a problem of bridges being blocked, but some essential function of tor is being blocked...

I see many users from China on a bridge running here, so it might be that a lot of blocked bridges haven't noticed/reconfigured yet to fix the original problem.

You are right....After seeing your reply I emailed for new bridges again. Received four, one of which I didn't have and it connected.

Wellm spoke too early. After a few hours, it stopped working again. Emailed again for new bridges, received four more new ones, but none of them actually work!

I agree with one poster above, maybe its time to make all new installs of the tor software as bridges by default. If p2p works, I can't see why each user being a bridge would not work.

Anonymous

March 27, 2010

Permalink

Yes. Unfortunately I have the same problem. None of the bridges I got via email worked. Now am climbig the wall using psiphone. Not sure how long this will last. What are the other methods of releasing bridges that where talked above?
The ones on the website seem to be blocked too.
These guys are realy going on my nerves!

Anonymous

March 27, 2010

Permalink

My experience is that the GFW is monitoring the Gmail (from google) now, If a chinese send a mail to: bridges@torproject.org, GFW will automatically monitor the Gmail he used, they can read all they want to read in this Gmail, so the bridges will be blocked in a short time--after the GFW machine was set up. So the point is how to send and receive bridges safely.

Anonymous

March 27, 2010

Permalink

GFW is monitoring the Gmail now, so the problems above are just so so ...

The piont is how to send your mail safely. Windows OS is just not safe !

Anonymous

March 27, 2010

Permalink

I really don't understand any of this. After this first happened my bridge stopped being used, usually 1000+ chinese users in my "who has used your bridge", then a couple days later 1-8 chinese users and now 50+ chinese users again? how can they still be connecting?;o

I don't know but maybe some connections manage to successfully negotiate the 3-way handshake to register as someone "who has used your bridge" before the DPI resets the connection. I have no idea but just a thought.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is the bridge still blocked? Have you reconfigured the ORPort yet?

Don't Chinese's patience....Until now I have changed about 30 groups of bridges

Once a time the Chinese didn't know how to suf the net via the bridges, and then your chinese users was little but now many Chinese knows it. so....

Anonymous

March 27, 2010

Permalink

Let me suggest....

1. People can only get latest bridges through gmail account that are already registered 2 or more months.
2. People can not get bridges through bridges.torproject.org ( I found it's very easy to get a lot of bridges by simply clicking button "Use a New Identity" and refresh page)
3. Reduce the number of bridges display given to 2 bridges each time.

GFW starts blocking bridges.... oh my God....

Anonymous

March 30, 2010

Permalink

what happens if they start blocking all of google? maybe we should be able to send e-mails through yahoo as well?

Anonymous

March 30, 2010

Permalink

Is there a way to use the metrics to generate user statistics on any country? There are numerous graphs pre-generated for a couple dozen countries, but how would I see the number of users in Russia over a period of time?

Anonymous

March 30, 2010

Permalink

Hi there,
Thanks for you guys doing this. I have a business in China and need to use google sites in China.
What I recon is to charge for the bridges(100RMB/per year) and you guys can secure the bridges links(rather than simply sending auto-reply emails), not for every one to use. The user has to pay.

Currently, GFW seems blocking most of bridges, I tried couple of these yesterday. Neither worked.

What do you think?

GFW techs work for a boss that can pay for the bridges... So each person should get different bridges. . . That might have a chance... but they already know who are the TOR users, and can intercept information about bridges...