On recent and upcoming developments in Pluggable Transports
this is a brief post on recent and upcoming developments of the Pluggable Transport world:
What has happened
Here is what has been keeping us busy during the past few months:
As many of you know, the TBB team recently released the Tor Browser Bundle 3.6 that features built-in PT support. This is great and has taken PT usage to new levels. Maaad props to the TBB team for all their work.
TBB-3.6 includes obfs3 and FTE by default. If the built-in bridges are blocked for you (this is the case at least in China), try getting some more bridges from BridgeDB (which also got renovated recently).
We are in the process of deprecating the obfs2 pluggable transport.
This is because China blocks it using active probing, and because obfs3 is stictly better than obfs2. obfs3 can also be blocked using active probing, but China hasn't implemented this yet (at least as far as we know). The new upcoming line of PTs (like scramblesuit and obfs4) should be able to defend more effectively against active probing.
Outgoing proxies and Pluggable Transports
Yawning Angel et al. recently implemented outgoing proxy support for PTs. This means that soon our PTs will be able to connect to an outgoing proxy using the Socks5Proxy torrc option (or the corresponding proxy field in TBB).
A Childs Garden Of Pluggable Transports
David Fifield created refreshing visualizations of Pluggable Transports. Take a look; it might help you understand what these damned things are doing.
What will happen
Now let's take a look into the short-term future (a few months ahead) of Pluggable Transports:
obfs4 and ScrambleSuit
Remember ScrambleSuit? Guess what; we are thinking of not deploying it after all...
Don't get me wrong, ScrambleSuit is great, but during the past two months Yawning has been developing a new transport called 'obfs4'. obfs4 is like ScrambleSuit (with regards to features and threat model), but it's faster and autofixes some of the open issues with scramblesuit (#10887, #11271, ...).
Since scramblesuit has not been entirely deployed yet, we thought that it would be a good idea to deploy obfs4 instead, and keep scramblesuit around as an emergency PT.
Meek is an exciting new transport by David Fifield. You can read all about it here: https://trac.torproject.org/projects/tor/wiki/doc/meek
It's basically a transport that (ab)uses Firefox to do SSL in a way that makes it look like Firefox but underneath it's actually Tor. Very sneaky, and because it uses third-party services (like Google Appspot, Akamai, etc.) as proxies, the user does not need to input a bridge. Meek just works bridgeless and automagically.
Help us by testing the latest bundles that David made: https://lists.torproject.org/pipermail/tor-qa/2014-June/000422.html
Also, since the recent Google block in China, Meek will not work with Google Appspot. However, other third-party services can be used instead of Appspot, so Meek does not lose its effectiveness.
PTs and IPv6
And that's that for now.
Till next time, enjoy life and give thanks and praises :)
(For what it's worth, this was originally a post in the [tor-talk] mailing list:
Thanks for answering my question about Meek and China that I asked on the "Tor Challenge 2014" blog. I'm guessing you don't list all the third-party services Meek can use so China can't block all of them.