Well, it seems IRAN is being an idiot and it’s blocking all secure protocols such as SSL which basically means they can monitor HTTP traffic and they can block websites, thanks to this filter majority of the websites are not out of reach to Iranians. Simply put they can’t access Gmail. But that’s just part of the story, unfortunately Pakistan is doing the same thing, they’re not doing the whole SSL block campaign but they’re banning websites and telling users to complain to them about it which I would gladly do if it made any difference.
So, here is an e-mail that you should read:
Hi,In the last 48 hours a major campaign of filtering has started in Iran - it started slow and now appears to be that nearly all SSL/TLS traffic is blocked on a few major Iranian ISPs. Details are rather rough but we're working on some solutions - we've long had an ace up our sleeves for this exact moment in the arms race but it's perhaps come while the User Interface edges are a bit rough still.Here's the deal - we need people to run Tor bridges but a special kind of Tor bridge, one that does a kind of traffic camouflaging - we call it an obfuscated bridge. It's not easy to set up just yet because we were not ready to deploy this for everyone yet; it lacks a lot of analysis and it might even only last for a few days at the rate the arms race is progressing, if you could call it progress.There are highly technical instructions here: https://www.torproject.org/projects/obfsproxy-instructions.html.enCurrently if you run such a bridge, you'll either need to manually tell us (via email to tor-assistants at torproject.org ) about it or you'll need to share these bridges with people you want to help directly. It's a pain and we're working on it.Here's a bug report where we're working around the clock to get stuff going in a user friendly manner: https://trac.torproject.org/projects/tor/ticket/5009#comment:17This kind of help is not for the technically faint of heart but it's absolutely needed for people in Iran, right now. It's likely that more than ~50,000 - ~60,000 Tor users may drop offline.Watch this graph for an idea of the censorship impact of directly connecting Tor users: direct-usersHere's the same graph but for Tor bridge users in Iran: bridge-usersWe're working on easy to use client software and if you're in Iran or need one desperately, please email help at rt.torproject.org.We'll try to get you a working obfsproxy bridge address and working client software.All the best, Jacob
I wanted to run a Tor Bridge on my system just to help everyone out but I am worried because I might get into some real trouble for it, plus I am on fiber with a static IP from time to time, it makes it easier for me to get in trouble, plus it’s not really that easy to setup a Tor bridge. It’s not that hard either if you’re used to Linux. I am thinking of using my VM and running Linux on it and then using the Virtual Ethernet Adapter and setting things up there but I would need to open my Firewall port and it’s still risky as hell for me. Plus, I don’t trust IRAN or Pakistan, considering what majority of them search, I am sure the service I offer will get abused.
But you should read the guide:
Obfsproxy Instructions
Step 1: Install dependencies, obfsproxy, and Tor
You will need a C compiler (gcc), the autoconf and autotools build system, the git revision control system, pkg-config and libtool, libevent-2 and its headers, and the development headers of OpenSSL.
On Debian testing or Ubuntu oneiric, you could do:
# apt-get install autoconf autotools-dev gcc git pkg-config libtool libevent-2.0-5 libevent-dev libevent-openssl-2.0-5 libssl-devIf you’re on a more stable Linux, you can either try our experimental backport libevent2 debs or build libevent2 from source.
Clone obfsproxy from its git repository:
$ git clone https://git.torproject.org/obfsproxy.git
The above command should create and populate a directory named ‘obfsproxy’ in your current directory.Compile obfsproxy:
$ cd obfsproxy
$ ./autogen.sh && ./configure && makeOptionally, as root install obfsproxy in your system:
# make installIf you prefer not to install obfsproxy as root, you can instead just modify the Transport lines in your torrc file (explained below) to point to your obfsproxy binary.
You will need Tor 0.2.3.11-alpha or later.
Step 2a: If you’re the client…
First, you need to learn the address of a bridge that supports obfsproxy. If you don’t know any, try asking a friend to set one up for you. Then the appropriate lines to your tor configuration file:
UseBridges 1
Bridge obfs2 128.31.0.34:1051
ClientTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managedDon’t forget to replace 128.31.0.34:1051 with the IP address and port that the bridge’s obfsproxy is listening on.
Congratulations! Your traffic should now be obfuscated by obfsproxy. You are done! You can now start using Tor.
Step 2b: If you’re the bridge…
Configure your Tor to be a bridge (e.g. by setting “ORPort 9001” and “BridgeRelay 1”). Then add this new line to your tor configuration file:
ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed
Launch Tor using this configuration file. You can do this by using your favorite init script, or by pointing the Tor binary to the torrc file:
Next, find the TCP port opened by obfsproxy. Look in your log file for a line similar to this one:
The last number, in this case 34545, is the TCP port number that your clients should point their obfsproxy to.
I know I should be more supportive regarding this but I just can’t be arsed about this, considering the type of Islamic idiots are there, I don’t think we will miss much, however if this happened to America, I might actually go out of my way to assist them. You should probably read up on Tor and it’s nodes, it will greatly increase your chances of Internet survival. Oh and don’t trust anyone and stop using Facebook.
