Using Tor in China

The Great Firewall (GFW) of China blocks Tor nodes, along with the Tor website.[1] Despite this, some 2,000 users each day connect to Tor from China through the official Tor infrastructure.[2] An unknown further number connect through pre-proxies, which make them appear to be located outside China.[3],[4] This note enumerates five circumvention techniques that allow the user to connect to Tor from China. The references include Chinese-language tutorials. [15], [16], [17]

Method 1: Tor with Meek-Azure Bridge

Meek uses domain fronting to evade scrutiny by the GFW.[5] Since 2018, domain fronting has ceased to be feasible through Amazon or Google, and Azure remains the only possibility.[6] The technique is particularly attractive for political activists in China because it leaves no money trail.[7] It is also easy to use. Rather than connecting directly to a Tor guard node, the Tor Browser user simply clicks the Configure button.

The only Tor Browser configuration that is needed is to check the box saying that Tor is censored in the user’s country and select the built-in meek-azure bridge.

Method 2: Tor with Private Obfs4 Bridge

Public obfs4 bridges have been blocked since 2015.[8] However, an experiment shows that unpublished obfs4 bridges may continue to work for several months.[9] Setting up an unpublished obfs4 bridge requires the user to have access to an overseas server and some technical skills.[10] Adding PublishServerDescriptor 0 to the torrc configuration file keeps the server details unpublished.[11] Once the server has been configured, the bridge configuration line need simply be pasted into the Tor Browser.

Method 3: Tor Browser with Pre-Proxy

Though there are no verifiable statistics, using a pre-proxy may be more popular among Tor users in China than using the official Tor infrastructure.[3] With increasing reports of Shadowsocks (SS) and ShadowsocksR (SSR) servers being blocked, V2Ray has become more popular as an encrypted proxy.

Here the Tor Browser user specifies that they use a proxy to connect to the Internet and gives the details of the port on which the proxy client is listening. Most commonly this is 1080, though for V2RayN on Windows it defaults to 10808.[12]

Method 4: Firefox Browser with V2Ray Bridge

The Tor Browser downloads are hosted on the Tor Project website, which is itself blocked in China.[1] For some users, it may be more attractive to use a widely available browser and to proxy pass traffic to Tor outside the GFW. In this arrangement, Nginx passes traffic for a certain directory location to V2Ray, and V2Ray sends outbound traffic to Tor using the SOCKS protocol.[13]

To implement this approach, the browser user need only adjust the Firefox network settings.

As with the Tor Browser, the user specifies the listening port of the proxy client, which is commonly 1080 or 10808.

Method 5: Snowflake

Snowflake is an experimental technique whereby users behind the GFW connect to Tor through the computers of users in democracies.[14] It is currently offered only in Alpha versions of the Tor Browser for macOS and Linux.

References

[1] How China Is Blocking Tor, https://arxiv.org/pdf/1204.0447v1.pdf

[2] Users, https://metrics.torproject.org/userstats-bridge-country.html

[3] 近期安全动态和点评（2019年3季度), https://program-think.blogspot.com/2019/09/Security-News.html

[4] “如何翻墙”系列：关于 Tor 的常见问题解答, https://program-think.blogspot.com/2013/11/tor-faq.html

[5] doc/meek, https://trac.torproject.org/projects/tor/wiki/doc/meek

[6] Domain Fronting Is Critical to the Open Web, https://blog.torproject.org/domain-fronting-critical-open-web

[7] 为啥朝廷总抓不到俺 — — 十年反党活动的安全经验汇总, https://program-think.blogspot.com/2019/01/Security-Guide-for-Political-Activists.html

[8] Analyzing China’s Blocking of Unpublished Tor Bridges, https://censorbib.nymity.ch/pdf/Dunna2018a.pdf

[9] Test obfs4 reachability, https://trac.torproject.org/projects/tor/ticket/29279

[10] Debian / Ubuntu, https://community.torproject.org/relay/setup/bridge/debian-ubuntu

[11] Tor stable manual, https://2019.www.torproject.org/docs/tor-manual.html.en

[12] V2Ray Ubuntu Server and Windows Client, https://umaint.github.io/2019/01/05/v2ray-windows

[13] V2RayN Tor Bridge on Debian 10, https://arcdetri.github.io/v2rayn-tor-bridge-debian-10.html

[14] Snowflake, https://snowflake.torproject.org

[15] tor网桥-翻墙软件. Over-the-Wall Software — Tor Bridges. https://www.chromeba.net/tor网桥.html

[16] Tor浏览器太慢怎么办. Over-the-Wall Software — What To Do If Tor Browser Is Too Slow. https://www.chromeba.net/tor浏览器太慢怎么办.html

[17] “如何翻墙”系列：扫盲Tor Browser 7.5 — — 关于meek 插件的配置、优化、原理. “How to Overcome the Wall” Series: Tor Browser 7.5 Literacy — About the Configuration, Optimization, and Principles of Meek Plugin. https://program-think.blogspot.com/2018/04/gfw-tor-browser-7.5-meek.html