Tor partially blocked in China

by phobos | September 28, 2009

On September 25, 2009, the Great Firewall of China blocked the public list of relays and directory authorities by simple IP address blocks. Currently, about 80% of the public relays are blocked by IP address and TCP port combination. Tor users are still connecting to the network through bridges. At the simplest level, bridges are non-public relays that don't exit traffic, but instead send it on to the rest of the Tor network.

If you want to help people in China get access to the uncensored Internet, run a bridge.

Feel free to mirror this post, or the Tor website. We have a list of mirrors at https://decvnxytmk.oedi.net/mirrors.html.en or search for tor mirrors via Google, Yahoo, Baidu, etc.

Links to other helpful sites (not run by us):

We knew this day would come, https://vbdvexcmqi.oedi.net/blog/torproject.org-blocked-gfw-china%3A-so….

Comments

Please note that the comment area below has been archived.

September 28, 2009

Permalink

i'm in shanghai and i can't find a bridge

September 28, 2009

Permalink

To whom it concerns,

This is a very important story and a *huge* and alarming move by China to further control the flow of, and access to, unfettered news from around the world, and from within China. This story is important because it shows China's ever increasing aggressive stance on the Internet and the freedom of the Chinese people.

If CNN runs with this story, and ties it into the unrest in Iran (ie. Tor usage by Iranians), I think CNN would have a major scoop and human interest story.

Below I describe Tor and offer some useful links and information. The Tor team would be very happy to speak with CNN, I am *sure*...

Thank you in advance for standing up to China and standing up for the Chinese people.

--Blog Entry from Tor Team Regarding Blockage by China:

blog_post_a) "Tor partially blocked in China"
https://vbdvexcmqi.oedi.net/blog/tor-partially-blocked-china

blog_post_b) "Torproject.org Blocked by GFW in China: Sooner or Later?"
https://vbdvexcmqi.oedi.net/blog/torproject.org-blocked-gfw-china%3A-so…

--Short Background of Tor:

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by the military, journalists, law enforcement officers, activists, and many others. Here are some of the specific uses we've seen or recommend:
https://decvnxytmk.oedi.net/torusers.html.en

--Reporters Use Tor:

(taken from the Tor page "Who Uses Tor?" https://decvnxytmk.oedi.net/torusers.html.en )

a) "Reporters Without Boarders" advises journalists, sources, bloggers, and dissidents to use Tor to ensure their privacy and safety.

b) "The US International Broadcasting Bureau" (Voice of America/Radio Free Europe/Radio Free Asia) supports Tor development to help Internet users in countries without safe access to free media.

c) Citizen journalists in China use Tor to write about local events to encourage social change and political reform.

d) Citizens and journalists in Internet black holes ( http://www.rsf.org/rubrique.php3?id_rubrique=554 ) use Tor to research state propaganda and opposing viewpoints, to file stories with non-State controlled media, and to avoid risking the personal consequences of intellectual curiosity.

--What Has Tor Done of Note Recently?

One example of Tor usage was during the unrest in Iran following the elections this year. Tor was a major reason why Iranians could report on the situation anonymously, without fear of government reprisal. (please see the following blog posts for proof positive data and great visual aids such as graphs, etc)

a) "Measuring Tor and Iran":
https://vbdvexcmqi.oedi.net/blog/measuring-tor-and-iran

b) "Measuring Tor and Iran (Part two)"
https://vbdvexcmqi.oedi.net/blog/measuring-tor-and-iran-part-two

c) "On the Recent Growth of the Tor Network"
https://vbdvexcmqi.oedi.net/blog/recent-growth-tor-network

--Detailed Descriptions of Tor and Tor Usage:

"Tor Overview"
https://decvnxytmk.oedi.net/overview.html.en#overview

September 28, 2009

Permalink

I'm surprised that vbdvexcmqi.oedi.net has not been blocked yet!

September 28, 2009

Permalink

A few days after I set up a bridge using my own computer, I could not connect to any websites in China. Apparently they blocked my ip address to prevent people from logging on to TOR. As the GFW is bidirectional, I am blocked as well. Are there any ways to fix this?

Unfortunately I could not change my ip...

If the GFW uses a binary search to match ip addresses with the blacklist, they would have a great advantage because searching is only O(log n). It is very hard to compete with blocking by establishing new bridges. Perhaps we should think about other ways to penetrate the wall.

I have put some bridges but it does not seems to work. Am i doing something wrong?
how many address can I put ? How long do the adress last?

I have put some bridges but it does not seems to work. Am i doing something wrong?
how many address can I put ? How long do the adress last?

i heard that china gov install new software "Blue Shield" on every ISP international gateway start on Sept, 11.

no one known the mechanic of this software.
but we can see how effective of it.
most of the software which ever can cross over GFW is now blocked.
----
personally, i think "Blue Shield" should scan for every packet across it
both header and content!
if it found that packet content is special software (ex. FreeGate)
it will auto block the IP.

seem old GFW scan only header, this way is cheap CPU cost,
but absolutely fail to catch special software.
so china decide to scan its content with big cost of CPU.
China Internet user can notice dramatic speed drop when they want to browse international website, since Sept 11.

"China Internet user can notice dramatic speed drop when they want to browse international website, since Sept 11."

but it seems that users from other country, especially form Europe and North America,who want to browse those china websites (eg Baidu)are blocked in some degree. well when i get Tor connect, and to go to the international websites, like BBC, it's just ok, but when i opening those china public website like Baidu through Tor service, the speed drop down.

i disagree that china will block access from outside.

but because new GFW scan for all packet "going outside"
and Baidu is sending data to your Tor exit which is outside of China!
that is why people outside china also speed drop
when browse website in china too.

maybe i should not use the words "block international users", but instead of “interfere other country users”.
u sure the new GFW will scan all packet now? and that's the problem of why browsing webpages outside china is more slower than within china?
thx 4 ur point

Do you understand what i mean?
1) I "assume" that china scan for all packet which going outside of china.
as i told no one known how "blue shield" work for now.
so my assumption still unsure, but there is great possibility.

2) china don't do anything outside of its country.
they just scan out-going packet and block IP,
if it found that the destination IP support for breaking GFW in anyway.

3) i will show it in easy way to understand
china people => china website = no change
china people => inter website = request to website is scaned so it slow
inter people => inter website = no change
inter people => china website = response from website is scan so it slow

the internet world seem divide to china and non-china now.

well thx and i do know what u said....
"inter people => china website = response from website is scan so it slow"
if like that, search engine who located in china like Baidu should not access any international websites that were blocked by GFW. but in fact u can open cached pages on Baidu even the straight links were blocked.
So, GFW has a white list?and it allow these websites access international resources without limitation, well let them decide which links should be blocked?
i thought GFW do blocked a series of ordinary IPs, especially from Europe, they were not websites, but just providing some service like tor.

September 29, 2009

Permalink

My Server IP has been blocked for running an TOR Server (whole IP, not only TOR Port), in both directions (i cant connect to chinese servers, and chinese people can't connect to my server).:

Shanghai.: Timeout
Beijing..: Timeout
Guangzhou: Timeout
Hong Kong: 324ms
New York.: 121ms

Connections from and to Hong Kong are currently possible...

//And no, that means not that i will shutdown my Relay.. i think i will make a second relay..(if i have enough money :-P)

Let change your IP, and you can connect to china again.
until GFW catch that the new IP is Relay,
then change IP again and so on.....
;P

if GFW still continue in this way,
i think GFW will block IP accumulatively to half of the world's available IP soon.

September 29, 2009

Permalink

Why Tor Project stopped on the step of "establishing an encrypted directory connection"?

I live in Iran. Feom 19 September 2009 to Today 29 September, I tried Tor and it stopped in the step of "establishing an encrypted directory connection" , Please tell me how can I fix this?
These errors are also related to the "establishing an encrypted directory connection" problem: "no route to host" "No current certificate known for authority ..."

Initial indications are that Iran is blocking all public Tor relays as well. Perhaps China and Iran have talked about this.

Iran is also messing with SSL, in some cases, flat out dropping any SSL on any port.

This may only be from one ISP, but getting reliable connectivity into and out of Iran, with or without Tor, seems to be an issue right now.

October 02, 2009

In reply to phobos

Permalink

then please support udp. DITis now experimenting with several udp versions of freegate in their 8.9 series.

September 30, 2009

Permalink

An interesting thing I've struck today is blocked websites are having a blank html page sent back so all i get is a white page.

One of the more interesting blocks recently is that google translate is blocked on anything that contains 什么 two very common characters (meaning what). This seems to be a new tactic to make these services seem "unreliable" as sometimes it will work and sometimes it won't, depending on weather or not you have "什么“ in your page or not.

It is obviously that the whole public directory of Tor network has been blocked by our dear Great Firewall. I am feeling ashamed for their naming such a project with such a name - "Great Wall". The later one is a nationalistic pride for resisting foreign aggression while the former one is our shame for suppressing people's opinions.

Now bridges are the only ways for us to get what we need out there via Tor proxy. Please help us, help the people here in real need with your Tor bridge relays. We thank you people outside Mainland of China very much in advanced.

October 02, 2009

In reply to by Anonymous (not verified)

Permalink

But for how long ? How long should this help sustain? There always will be an end to this . you know what i mean, It is just that we all dont want to think about it. (and yes we have never thought that the situation would become this worse, ,have we?)

Any way the current state wouldnt last for long. Either China(or ccp) push out some more ridiculous theory about purifying cyberspace than green damn to justify its action or it will keep lying through their teeth and denying everything. Either way if the we dont trash its plan as we do to green damn, the situation could be worse.

Dont even expect the situation to come loose after the National Day. I think you all heard the news that China has just finished its Golden Shield project Stage II and Blue Shield in September. Do you think those nuts will just turn off the switch and left their new toys rust in the control room? I doubt it

Tor must change and adjust. The situation could only be tougher.

October 02, 2009

Permalink

Hi,

since Tor is an important tool to avoid censorship I propose to develop ways to distribute it in censored countries. I'm thinking about some kind of distributed Tor-downloader/updater, which transfers signed Tor packages/installers/sources in a p2p, but stealthy way. Yeah, I know automated steganography is hard, but since deep packet scanners are also automated I guess there is a chance.

The goal would be to create a way to download the software itself, if you stumble about it. It should be able to create a randomized page with a randomized version of itself. Maybe by presenting a page based heavily on javascript, so it is even harder to scan it. If you install it you also have a way to download Tor (and maybe other interesting software) in an easy and secure way using a special protocol. Random ports, encryption, looks like other protocols (like games, emails, http(s)), ...

So many ideas. If I have enough time I implement something like this, but maybe someone else could do it (too).

We've already started to work on a distributed distribution, with the expected secure updates and downloads. It's called Thandy for now, and one of our google summer of code students integrated bittorrent into it. You can read more about it at https://vbdvexcmqi.oedi.net/blog/bittorrent-support-thandy.

This doesn't mean our solution is the only solution. Getting others to extend or rethink our work is a fine idea and goal.

October 03, 2009

Permalink

i was hoping if you could consider and think about iranian users who are being filtered every houre too.

in iran i've got high speed , loads of people have high speed connections but the slow down be speed even worse than a dial up connection

you tell us what to do :(

We are working on helping users in Iran. We learned much about how iran works online in June/July of this year. We're working with many people to figure out next steps for Iran now. It seems Tor users in China and Iran both need bridges right now.

October 04, 2009

Permalink

Dear Gentlemens / Ladies, twitter.com website can accessed by Tor in this today, and Tor has return to normal conditions in China. We need to some Net Bridge!

October 05, 2009

Permalink

Another so called GFW made in US:

Symantec SEP 11 has blocked Tor, is there any way to solve this problem?

October 06, 2009

Permalink

To who provide bridges,thank you very much!

October 07, 2009

Permalink

Hi

I'm in Beijing, and was using hotspot shield until it got blocked for the 60th Anniversary.

Now I'm trying TOR, but i'm having problems.

I managed to get connected to the TOR network using Vidalia and bridges (The TOR onion is green).

I also downloaded torbutton for FireFox, and enabled the torbutton, which added some proxy settings - 127.0.0.1:8118 for HTTP proxy, and 127.0.0.1:9050 for Socks.

However, i'm still unable to browse the the restricted websites. In fact, i'm not able to browse anything after enabling torbutton.

Can anyone please help me?

Thanks

October 07, 2009

Permalink

I am from China, Now all other softwares (like freegate,ultrasurf,etc. or some VPN servers) seem to be blocked, Tor is the only software that can drill a hole in G.F.W, thanks a lot to those people who developed the Tor!!! we will never forget you!

October 07, 2009

Permalink

It's not too slow to get connected but extremely slow to browse.
I believe they are making an effort to block Tor further.

yUP tOOOO sloow man like turtle,but maybe turtle can run fast than TOR to browse web,.

October 08, 2009

Permalink

TOR is working very well in Beijing. Bandwidth is low sometimes, but all in all very satisfactory. Thank you!!!

October 09, 2009

Permalink

How can we work with bridges... please I need help.
I´m now in Wenzhou and I have no access to anything...

October 09, 2009

Permalink

There's a captcha on this page to stop robots leaving comments.

But there is no captcha on https://bridges.torproject.org/ to stop robots harvesting bridge addresses.

Hello? HELLO? Anybody home? It would take half an hour to implement and potentially greatly increase the effectiveness of the bridge system. Sort it out !

We already rate-limit and restrict requests on the bridges website internally. As you see with spam comments on blogs all around the world, captchas don't work too well.

October 20, 2009

Permalink

In the past few years, there were some Tor relays with IPs from China. If connected to one of those, it would be so slow and then connection timed out. Could they be working for GFW?

Today, after setting up bridges, there're no relay from China. Sorry, just can't trust anything from China, if have to, they should be used with caution.

October 20, 2009

Permalink

I hope we don't get a filter in Australia too (Aus government wants one :\ and are really quiet about it, nobody knows anything about it) That would really suck, so much for democracy ...

October 25, 2009

Permalink

Tor does not seem to be working for me in Xiamen, China.

I am not able to connect to any relays. Also, most pages linked to Tor (except this one) are inaccessible to me, just get a time-out message.

i am also in xiamen. just find a web proxy and goto https://bridges.torproject.org
you will get 3 of IP Bridge.

Then put them all to Vidalia -> Settings ->Network
Mark 'My ISP block connection....' and text box will showed
put Bridge IP here. then try to start Tor again... Good Luck!

PS.another way to get bridge is to send Email to
bridges@torproject.org
and put 'get bridges' in the body of the mail.

November 15, 2009

Permalink

I'm in Jiangsu,CHINA. TOR with bridge is working very well here. thanks.
And I find many TOR mirror sites via google.com,so I can download TOR software directly.
But I warry about upgrading of GFW in the future.

大陆的兄弟们,用搜索引擎可以找到很多TOR镜像,这样可以直接下载到TOR软件,然后用“桥”,就可以了。

April 01, 2010

Permalink

As one from China, I thank you all for your great contribution to freedom.
Apprently, bridges.torproject.org is blocked, now the only thing left is Gmail.

June 25, 2010

Permalink

for the past few days i've been unable to connect from china using bridges i've received through email