Run Tor Bridges to Defend the Open Internet

We believe everyone should have private access to the open internet, but not everyone is able to enjoy the luxury Tor provides. Freedom to publish, share, and access information online is critical for a healthy society, yet governments and entities around the world deny people this universal human right. All of the relays that make up the Tor network are publicly listed, so that means one way to try to prevent people from using Tor is to blacklist the public IP addresses of all of the thousands of Tor relays.

For example, the governments of China, Iran, and Kazakhstan exercise information control by trying to block Tor.  

Tor Story - Tor Bridge in Iran

However, thanks to bridges, Tor users are still able to connect to the network when the public Tor relays are blocked. Bridges are private Tor relays that serve as stepping stones into the network. Not only are bridges private, they can also modify their network packets in a way that it's difficult for an observer to conclude that somebody is using Tor. Censored users are able to select bridges from BridgeDB or directly in Tor Browser’s Network Settings.

Tor Network Size - Tor Metrics

We currently have approximately 1,000 bridges, 600 of which support the obfs4 obfuscation protocol. Unfortunately, these numbers have been stagnant for a while. It's not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren't blocked anywhere yet. This is where we need your help.

By setting up an obfs4 bridge, you can help censored users connect to the open internet through Tor.

Setting Up a Bridge

Bridges are relatively easy, low-risk, and low bandwidth to operate, but they have a big impact on people where the internet is under oppressive control. A bridge isn't likely to receive any abuse complaints, and since bridges are not listed in the public consensus, they are unlikely to be blocked by popular services. Bridges are a great option if you can only run a Tor node from your home network, have only one static IP address, and don't have a huge amount of bandwidth to donate -- we recommend giving your bridge at least 1 Mbit/sec and it should run 24/7.

To set up an obfs4 bridge, check out our newly revised installation instructions. We have guides for several Linux distributions, FreeBSD, OpenBSD, and docker. Note that an obfs4 bridge needs both an open OR *and* an open obfs4 port. If you run into any trouble while setting up your bridge, check out our help page.

Once you have set up your bridge, find your bridge’s fingerprint (our post-install instructions explains how) and send an email to bridge-campaign@torproject.org to tell us your bridge's fingerprint (don't confuse it with the bridge's "hashed fingerprint"). Next month, we will randomly select 10 new bridge operators to receive a metallic roots Tor t-shirt as a token of our gratitude for your help defending the open internet. Set up your bridge and email us by September 30 to qualify.

Tor shirts

The shirt is available in Classic and Slim sizes S - 2XL, and we can ship to most places in the world.

Other ways to help

If you’re not technical enough to run a bridge but want to help censored users, there are other ways you can help:

  • Make a donation to the Tor Project to support our work developing and sharing tools for privacy and freedom online.
  • Help translate Tor materials and documentation including information on how to set up a bridge.
  • Share your support of running and using Tor bridges on social media with the hashtag #RunTorBridges.

Internet freedom is on the decline around the world, but we aren’t giving up. Everyone should be able to exercise their right to freedom of expression online, and by running a Tor bridge, you can help people around the world do so more safely.

Anonymous

August 28, 2019

Permalink

Nice!
I was just thinking about installing one this week end on a VPS with a ton of bandwidth :D
Hope I'll get the shirt

Anonymous

August 28, 2019

Permalink

Nice timing! lol

I had a bridge on Windows for many months, now I'm moving it to my Urubu server and hope to have more stability.

Anonymous

August 28, 2019

Permalink

My host offers a server that only supports ipv6, not ipv4. Does tor require ipv4? Also, any particular geographic location that is most helpful to locate the server in? Thanks! :)

Tor needs ipv4 unfortunately.

My host provides a server with ipv6 but not ipv4. Does tor require ipv4? For example, I see the torrc defines the ServerTransportListenAddr using ipv4 notation. Also, any preferred geographic location that will provide the most help for the most people? Thanks! :)

Why do you need a static IP?

Whenever your bridge changes its IP address, it loses all of its users because they have no way of learning your bridge's new IP address. That is bad user experience because these users now have to get new bridges. If you don't have a static IP address, we recommend running a snowflake proxy instead.

Does DDNS help here?

No. Bridges are identified by IP addresses and not by domain names.

Because the bridge line contains a numerical IP and not a hostname.

Hey Tor Community.

We ship Tor clients to many users.
We can switch to a shipped bridge config by default, seeing this post.
Hope thats ok.

Who is "we"? :)

Does running a bridge on AWS lead to ban? Is it against their policy?

Take a look at https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs and please edit the wiki page if anything is outdated.

Just setup a bridge :) maybe consider changing the link on the email address in the blogpost to an actual mailto link though ;)

Oops, good catch.

You can also run snowflake proxies by just installing a browser addon, see: https://snowflake.torproject.org

I use a VPN service without a static IP, anything I can do to help? Can I buy a T-shirt?

You could always run a snowflake by installing the browser extension: https://snowflake.torproject.org.

Add that operators should probably not run a bridge on the same IP address as an exit or middle relay. Or any daemon that could attract network administrators who block it.

Add that users of Tor Browser who selected "This computer goes through a firewall that only allows connections to certain ports" or are behind a FascistFirewall would be helped if some operators use official, frequently-used web port numbers such as 80, 443, 8080, 110, 993, 995. Neither the support FAQ (1, 2, 3, 4) nor the TB-manual (1, 2) tell readers to try "This computer goes through a firewall" before trying bridges. They should.

More documentation for bridge operators:
https://2019.www.torproject.org/docs/bridges.html.en
https://2019.www.torproject.org/docs/pluggable-transports.html.en
https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
https://blog.torproject.org/research-problem-five-ways-test-bridge-reac…
https://blog.torproject.org/research-problems-ten-ways-discover-tor-bri…

Thanks a lot
But even this web-page is not accessible in Iran!

What's the easiest way to get a list of a few obfs4 bridges if you are in China? You can't request them via e-mail, since both RiseUp and Gmail are banned in China.

Try requesting an obfs4 bridge directly in Tor Browser by going to Tor's network settings, clicking "Tor is censored in my country", and then going to "request a bridge from torproject.org".

Hi,

I wanted to set up my raspberry pie as a bridge - but it seems FreeBSD doesn't have an obfs4proxy-tor pkg for aarch64/arm64 :(

I notice occasionally I get a Google IP address and it stops me from loading or searching, with their message that there is "unusual activity" in my Browser (Tor,of course).I am thus forced to close Tor and then reopen.

Can you tell me why that is happening?

By the way I am using what is called LOW High Speed, for cost reasons. It is half the cost of full High Speed and satisfies my needs as I don't play games nor do I use Social Networks.

Roger

Just added a bridge to go with my relay. The more the better.

snowflake is great, but what will made the normal user run a bridge? it should be very simple, maybe just a click, it should be a switch in torbrowser or config in tor binary's torrc file. not in firefox/chrome.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

1 + 11 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.