Anti censorship

Overview of anti-censorship in Tor

Snowflake is the big player low Snowflake proxies - it only matters if there is internet

Obfs4 is active

Webtunnel, similar to Signal bridges

Focus on the last study was painpoints for users - usability - bootstrapping is slow (if it works at all) - it is difficult to understand if (i) you have full access and slow, (ii) you have full access but capped (e.g., slowing down TLS connection is very effective for censorship),

Challenges with Tor integration - easy to integrate with just Tor, but difficult to integrate Snowflake, Obfs4 - guardian project: running all the PTs as a thread (works in iOS)

Anecdotal evidence suggest that anti-war demos sell the idea of PTs.

Making Tor clients provide some anti-censorship functionality.

many of the existing PTs PQ stories/plans - Obfs4 uses alligator handshake and might not be possible to migrate to PQ schemes.

Notes on weekly censorship meetings are on IRC.

There is also somewhat inactive PT community: pluggabletransport.info Active meetups: FOCI (during PETS, and virtual)

Obfs5 (RACECAR project, Micah and Rob)

Bridge distribution bridge DB is replaced by artisys - ctor: telegram, twitter, other social media - distributed by bridges from Seige, the bridge OA - domain fronting is used to project this bridge from being censored - LOX, Salmon + Hyphae draft: cluster bridges into different pools (based on qualities), if a good quality bridge gets blocked the users of the bridge gets penalty and moved down to lower quality pools - so reputation based - V2 Ray, V2 fly

Active probing is less of a concern after Obfs4, but it's still possible in theory.

Conjure

decoy routing - Telex is gen 1 - Conjure is generation 3 decoy routing, now it is called refraction networking

Conjure needs ISPs to expose edge routers that are connected to Conjure stations. Conjure stations need to communicate with each other. The edge routers are outside the censored region. A user/client tries to register (during TLS handshake) for a phantom address and that could be detected by a detector residing with the Conjure station.

SiegeBreaker

What are the incentives for an ISP to deploy such decoy routing services? - can there be financial incentives? what would be the business model there?