Tor at the Heart: Flash Proxy
During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!
Sometimes Tor bridge relays can be blocked despite the fact that their addresses are handed out only a few at a time. Flash proxies create many, generally ephemeral bridge IP addresses, with the goal of outpacing a censor's ability to block them. Rather than increasing the number of bridges at static addresses, flash proxies make existing bridges reachable by a larger and changing pool of addresses.
How It Works
In addition to the Tor client and relay, we provide three new pieces. The Tor client contacts the flash proxy facilitator to advertise that it needs a connection. The facilitator is responsible for keeping track of clients and proxies, and assigning one to another. The flash proxy polls the facilitator for client registrations, then begins a connection to the client when it gets one. The transport plugins on the client and the relay broker the connection between WebSockets and plain TCP.
A sample session may go like this:
1. The client starts Tor and the client transport plugin program (flashproxy-client), and sends a registration to the facilitator using a secure rendezvous. The client transport plugin begins listening for a remote connection.
2. A flash proxy comes online and polls the facilitator.
3. The facilitator returns a client registration, informing the flash proxy where to connect.
4. The proxy makes an outgoing connection to the client, which is received by the client's transport plugin.
5. The proxy makes an outgoing connection to the transport plugin on the Tor relay. The proxy begins sending and receiving data between the client and relay.
From the user's perspective, only a few things change compared to using normal Tor. The user must run the client transport plugin program and use a slightly modified Tor configuration file.
Cupcake is an easy way to distribute Flash Proxy, with the goal of getting as many people to become bridges as possible.
Cupcake can be distributed in two ways:
- As a Chrome or Firefox add-on (turning your computer into a less temporary proxy)
- As a module/theme/app on popular web platforms (turning every visitor to your site into a temporary proxy)
Heh, when I read the headline I thought this must refer to protections for Adobe Flash--- as in on-line video--- but you explained what you really mean very clearly, and its awesome!
More innovation like this please!
You must be causing great dismay in authoritarian circles, and that's wonderful!