Test obfs4 reachability
Check to see if obfs4 is actually being blocked/throttled in China and other areas. If it is, we should figure out how and see if we can make changes to obfs4 to make it viable in these regions again.
Activity
Trac:
Child Ticket(s): #29297 (closed)
Noting some previous possible mentions of blocking:
China: #19408 (moved) (2016) Kazakhstan: #20348 (moved) (2016-?) Poland: #27435 (moved) (2018) UAE: #27723 (moved), #25966 (moved) (2017/2018)
Some things that might be the cause of blocking: #7349 (moved), #28655 (moved), #26083 (moved), #26122 (closed)
Tickets related to reachability tests: #17159 (moved), #29275 (moved), #29277 (moved)
Trac:
Owner: N/A to cohosh-
The current plan is to do the following:
-
Set up several diverse, new, private obfs4 bridges for these tests
-
Write a client-side script that will test for obfs4 reachability, making sure to measure bandwidth for throttling (#29297 (closed))
-
Get set up on a VPS to perform these tests ourselves initially
-
Contact users to run the scripts and send us collected data
-
-
-
Here's some preliminary results after 3 days of testing.
The bridges ndnop3 and ndnop4 were used in previous testing so it's likely they became blocked long before this test for other reasons.
So far the private bridges we set up for these tests have not been blocked and the throughput is not being throttled.
-
Interesting results! It would be great if we could add one of the two unblocked bridges to BridgeDB at some point, and see how long it takes for it to be blocked. Ideally, we would have several unblocked bridges and add them to different BridgeDB distribution sets, which would give us an idea of what distribution mechanisms are crawled successfully, and how quickly.
-
That's a great idea.
I'm not super familiar with the distribution mechanisms used by BridgeDB (is that documented somewhere)?
Roger mentioned in a meeting a while ago that we have a reasonable number of university contacts we can ping to set up bridges. So when we are ready to move to this step, we should get into contact with them :)
-
Replying to cohosh:
I'm not super familiar with the distribution mechanisms used by BridgeDB (is that documented somewhere)?
I believe that three mechanisms are currently in place. You can get bridges over HTTPS (by visiting bridges.torproject.org), over email (by writing to bridges@torproject.org) and directly in Tor Browser (the system is called moat).
Roger mentioned in a meeting a while ago that we have a reasonable number of university contacts we can ping to set up bridges. So when we are ready to move to this step, we should get into contact with them :)
Sounds good!
-
Replying to phw:
Replying to cohosh:
I'm not super familiar with the distribution mechanisms used by BridgeDB (is that documented somewhere)?
I believe that three mechanisms are currently in place. You can get bridges over HTTPS (by visiting bridges.torproject.org), over email (by writing to bridges@torproject.org) and directly in Tor Browser (the system is called moat).
Ah, yep. It might also be a good idea to test any finer-grained sort of distribution we're doing (e.g., I think we're partitioning bridges and handing out some only to email addresses from certain providers). But this step can be even further down the road.
-
Trac:
infer-throughput.py
