How and Why to Support Tor: Insights from the Tor Project

Interview from the Privacy Accelerator series with technical experts and censorship researchers. This time, we speak with Gus Gustavo, a representative of the Tor Project team. Gus supports Tor communities worldwide, including Russian-speaking users from various countries.

The Tor Project is a non-profit organization based in Winchester, New Hampshire, USA. The project is primarily responsible for maintaining the software for the Tor anonymity network, as well as conducting research and user education. Tor’s ecosystem tools help users stay anonymous online and bypass censorship restrictions.

Privacy Accelerator previously spoke with Gus in January 2022 at the Privacy Day conference, just as widespread censorship was ramping up in Russia. At that time, Roskomnadzor began blocking Tor, and “Roskomsvoboda” launched a legal campaign to challenge the block.

What has changed in the Russian censorship system over the past year and a half, especially in how censors try to counter circumvention tools? How do blocks happen, and how does the anti-censorship community respond? What new features has Tor introduced for its users? And how does censorship in different countries influence each other, and why is the development of circumvention tools in Iran so important for Russia (and vice versa)? Find the answers in this interview.

“If We Make Protocols More Resistant to Censorship in Iran, It Helps People in Russia Too”

What the Tor Team Has Learned About Censorship in Russia

• Our previous conversation was over a year and a half ago. Back then, it seemed like the early stage of total censorship in Russia. The censor identified Tor network IP addresses and blocked them. There was also an attempt to block the Snowflake protocol, which is used to bypass IP-based censorship.

Yes, a lot has happened in the past year and a half. I think we’re starting to understand the situation in Russia better, though there are still some mysteries to solve.

First key finding: Right now, you can use Tor without a bridge. If you check Tor metrics, you’ll see that many people in Russia connect directly to the Tor network. This is possible due to the specifics of how TSPU (technical means of countering threats) devices work, which apparently aren’t installed at all ISPs. Many Russian ISPs still don’t block Tor.

Second: Even if TSPU devices are installed, they don’t get the entire Tor network directly. Tor is a public network, and TSPU devices need time to block the necessary IP addresses. So, you can still connect to a Tor IP address without obfuscation.

We’ve also concluded that censorship in Russia isn’t universal. Some regions have stricter censorship, especially to counter protests or social mobilization. So, censorship rules in Moscow may differ from those in other cities or regions. However, this is just a hypothesis for now.

Back in January 2022, we didn’t know all this. But we’ve since learned about Russian censorship, its goals, how TSPU devices are deployed, and the challenges involved. It was also interesting to see censors trying to block not just Tor, but also other VPN technologies. We studied their blocking strategies.

We were fortunate to have a group of informants and people leaking documents from Roskomnadzor. The free press publishing these documents and writing about Russian censorship helped us a lot.

On Russian DPI and Why Tor Still Works

For readers unfamiliar with Russian internet censorship jargon: TSPU is essentially a type of state-level DPI (Deep Packet Inspection) that handles most internet censorship in Russia. So, many users can still connect to Tor because the Russian DPI system lags behind in tracking Tor network IPs and can’t find them automatically, right?

Yes, and that’s part of the unsolved mystery: why TSPU can’t do this. In other cases, these devices have implemented fingerprint-based blocking against VPNs and Snowflake.

Since censorship events are happening worldwide, Tor is constantly improving its tools to avoid blocks in various countries. And since the same protocols are used in different countries, making them more censorship-resistant in Iran also helps people in Russia.

For example, Snowflake is the same for users in Russia, Iran, and China. Over the past year, we’ve seen a lot of censorship in Iran, especially blocking Snowflake for Orbot. It took us about two weeks to understand and respond with a fix. Thanks to our community and testers in Iran, we learned that Snowflake traffic was being blocked by fingerprinting.

After we implemented a fix to bypass the block in Iran, we also saw more active users in Russia. It’s fascinating how anti-censorship technology that becomes more resilient in one country spreads to others. When Tor is unblocked in Iran, it also helps people in Russia, China, and beyond. Isn’t that great?

How Censorship Tactics Have Changed

Last time we spoke, Tor was mainly blocked by IP. Censors identified bridges distributed via the Tor Browser’s Moat feature, and those bridges didn’t work. But bridges distributed via email or Telegram bot mostly worked because they were different. What’s changed since then?

Previously, we think they worked manually, similar to how censors blocked Telegram proxies. They have lots of staff, and I assume they get bonuses for blocking proxies. So, they manually identified Tor bridges to block them. People were paid to solve captchas and rewrite addresses by hand, then block those IPs.

Last year, around July or August, censorship methods changed. They no longer block at the same pace as from December 2021 to March 2022. Why, I don’t know.

Now, it’s slower. Previously, a bridge would be blocked within a week or a few days, which is slow compared to China, where everything is shut down within hours or a couple of days. In Russia now, bridges we or our community deploy last much longer.

I think—though I have no proof—that this is related to sanctions against Russia. Sanctions may have affected their plans to deploy censorship devices and TSPU. Some companies stopped supplying firewalls and other equipment due to sanctions. There are articles about this. Or maybe censors just focused on other projects. That’s possible too.

Comparing Russian and Chinese Censorship

We recently spoke with someone who researched the GFW Report. He described the Great Firewall of China as a truly high-tech system, with machines tracking connections, actively probing servers, and then applying temporary censorship—all automated, like something from a sci-fi movie. But you’re describing something quite different: in Russia, real people manually solve these tasks and even get bonuses for it.

I think Russian censorship works in two ways. They have advanced methods—like blocking Snowflake via fingerprinting, which is non-trivial. But they also block obfs4 bridges just by IP, identifying those IPs manually.

So, unlike China, where there’s a lot of automation, Russia’s method is a mix of manual work and specific advanced techniques used occasionally for certain protocols. It’s interesting how censors operate differently in different countries.

There’s also some cooperation and interest in closer collaboration between states on censorship. Leaks from Roskomnadzor last year showed Russian authorities studying how censorship is done in Kazakhstan, Iran, and China.

Recent High-Tech Censorship in Russia

We tracked one story: people reported that Snowflake didn’t work with some ISPs in certain regions, like St. Petersburg. We tried to figure out what was happening, but not very successfully. It turned out we solved the problem when we fixed Snowflake fingerprints in Iran last year.

It seems censors tried to block Snowflake again with some Russian ISPs, using a new fingerprint that worked after our fix for Iran. Snowflake can’t be blocked by IP. In Iran, we have over 100,000–150,000 Snowflake proxies, many with dynamic IPs. If they’re blocked today, you get a new IP tomorrow and your proxy works again. So, the way to fight this protocol will be different and more advanced.

How Tor Circumvents TSPU Blocks Today

It seems you’re constantly improving Tor and Tor Browser, adding features to make your tools more censorship-resistant.

That’s right. For example, last year we made significant changes to Tor Browser and implemented the “Connection Assistant.”

By default, when you first launch Tor Browser, it tries to connect to the Tor network automatically. If it fails, it checks your location. If you’re in Russia, the Connection Assistant decides to use a bridge. The app gets this info from the Tor network via a special anti-censorship API. It decides Russian users should use Snowflake or obfs4, and tries to connect you to one. If that fails, it tries another pluggable transport. If all attempts fail, it suggests requesting a bridge directly from the Tor Project.

This may seem like a small step, but for Tor it was a breakthrough, a solution we’d been developing for years.

What Works for Russian Users Now?

Right now, obfs4 and Snowflake work well in Russia. Some users report Snowflake doesn’t work, but often it’s just overloaded—especially when heavily used in Iran—so it’s slower than obfs4. People think it’s blocked, like when Twitter was “slowed down” in Russia. With Tor, it’s the same: people say it’s blocked because it’s slow, but it’s just overloaded.

Overall, obfs4 and Snowflake work, and sometimes plain Tor works too. So, all three methods are currently available in Russia.

Globally, over the past year and a half, Tor connectivity has improved. I think it’s because Russian authorities have been too busy. Hopefully, they’ll stay bogged down in bureaucracy for another forty years before thinking about Tor again.

But efforts to block Tor are ongoing. The game isn’t over. Censors are likely studying how to block various protocols, which takes time—finding and hiring people, developing fingerprinting methods, and monitoring collateral blocks.

Advice for Russian Users Struggling to Connect

If you’re using Tor Browser, just try the Connection Assistant—it will cycle through available options: obfs4, then Snowflake. If that doesn’t work, we have a Telegram bot to get a bridge. If that fails, you can contact us through our support channel.

User Support and the Importance of Email

What is your “support channel”? We understand the Telegram bot, but what else do you use? How do people contact you?

We’ve launched various user support channels. We have a Telegram channel—not a bot, but a real person answers. This channel is popular in Russian-speaking countries and Iran, since Telegram has a huge community in the Global South. Every year, we get thousands of support requests from Telegram alone.

Thanks to Russian censorship in 2021, we now have someone dedicated to helping Russian-speaking Tor users worldwide. We’ve helped people in Kazakhstan during internet shutdowns, and in Turkmenistan. We help Russian speakers everywhere. Thanks to Russian censors for creating new opportunities and helping us grow!

The second channel we launched this year is WhatsApp. It’s very popular in Brazil, India, and other countries. You can message us on WhatsApp: “Hi, I’m trying to bypass censorship, but Tor isn’t working.” Our support team will help you.

The third channel is Signal. It’s less popular, probably because people are afraid to reveal their phone numbers. With Telegram, you only need a username. That’s likely why Signal is less used.

And finally, we have email. Email is very important because in some regions, governments block all apps: Telegram, WhatsApp, Signal. Then, email is the only way to reach us. Some people think email is outdated, but for working in heavily censored countries, it’s crucial, as it lets us help users connect to Tor.

What’s New in Tor Thanks to—and Despite—Censorship

How has the Tor network and browser changed recently, and what are you working on now? Beyond the tricks to beat Snowflake fingerprinting, are there any major changes?

We have lots of projects running in parallel. One big thing: our team is rewriting Tor from C to Rust, a language with useful security features. This transition is important, and as we rewrite, we can implement long-desired solutions.

In the future, we’ll change our browser to use Arti instead of Tor. Arti is a Rust implementation of Tor. For users, this means a faster Tor network, a faster client, and fewer bugs. We’re also working on a new project based on Arti called Tor VPN, currently in pre-alpha and not ready for use or testing. The idea is to have an app similar to Orbot.

Some things can be tested now. We have a new pluggable transport called Conjure, which obfuscates Tor connections to look like you’re connecting to an ISP in another country, which then connects you to Tor. We’re testing Conjure now, gathering bug reports before a wider release.

Another technology is Web Tunnel, a way to trick censors into thinking you’re just visiting a website, not connecting to Tor. If they inspect your traffic, it looks like normal web browsing. We’re launching Web Tunnel as another pluggable transport.

Finally, we have a new technology called Lox, planned for alpha release in January. Lox is an anonymous credential system that makes it very hard for censors to enumerate Tor bridges. It can recognize users who get access to certain bridges and then immediately block them—these users are identified as censors and won’t get more bridges. We’re finalizing the technology now. A year or two ago, it was just an idea; now we’re implementing it. The design will be presented at PETS (The Privacy Enhancing Technology Symposium), and we plan to alpha test it in Russia, since we’ve seen Russian censors manually enumerate bridges. But Lox is suitable for any censorship system, not just Russia.

Why Not Make Obfs4 Default in Tor?

One user asked: why not make Obfs4, which makes censorship harder, the default in Tor? Why have an unobfuscated version with extra obfuscation settings?

Good question. I wondered the same years ago. But more precisely, why not just fix the Tor protocol to be more resilient instead of creating pluggable transports?

The thing is, it’s very hard. Censors constantly change strategies. Heavy pluggable transports always involve trade-offs. Some use domain fronting (which is expensive), others aren’t very performant (but that’s okay for them). There’s always a compromise between circumvention and privacy features.

So, instead of constantly changing the Tor protocol to fit different censorship situations, we created pluggable transports. If one is blocked, users can just switch to another that works.

If, for example, Obfs4 were used by default on all relays and a government blocked it, we’d have to update the entire Tor network, contact all operators, and check OS compatibility. With pluggable transports, we have a much more flexible tool, easier to test and to create new obfuscation transports.

Why Tor Collaborated with Mullvad and What Came of It

You have many projects, including a collaboration with Swedish VPN provider Mullvad. Can you tell us about it? Our Telegram channel users asked about this.

The Tor Project is a non-profit with limited resources. Our users don’t pay for our products. Other companies, like VPNs, have a different business model—they charge for their services.

We started working with Mullvad a year ago. Tor has no experience running VPNs or providing servers, while Mullvad lacks research and expertise in fingerprinting, cookies, and other privacy issues in web browsers. Mullvad approached Tor Project to partner and fund development. Their users wanted a private browser with fingerprinting protection.

The idea was to have a browser that, instead of connecting to Tor, would be a Tor Browser without Tor. Many users have long requested this: they want all Tor’s anti-tracking protections and better default settings than traditional browsers like Firefox, Chrome, or Safari.

We partnered with Mullvad and released Firefox with our security patches to prevent tracking and fingerprinting issues present in Firefox. Mullvad and we applied these patches, resulting in two branches: one for Tor Browser, one for Mullvad Browser.

This was a very beneficial partnership. Many sponsors only want innovation, but most work is maintaining Firefox code and applying patches to make it more private. Mullvad pays us for this maintenance, a classic win-win: it benefits Mullvad, Tor, and the community, since it’s open-source. We’re very happy with this collaboration.

How Automated Are These Fixes?

Our subscribers want to know: are these fixes fully automated, or do you manually update Firefox source code each time?

The hardest part is that we use Firefox ESR, which updates infrequently but with many changes at once. It’s different from the regular Firefox on their site. When the version jumps from 100 to 110, we have to apply all patches manually. This is done for every major Firefox release. The main work is creating and testing patches to ensure they don’t break anything new. Sometimes, we have to adjust patches from previous releases. Once the release is ready, it becomes more automated.

So, it’s a semi-automated project. If there are many patches, it usually requires manual work, or else everything breaks. It’s good that Mullvad helps by funding this work. When we apply patches or write new ones for anti-tracking or fingerprinting, it’s hard to find sponsors. It’s not “sexy” for them—they don’t realize how important bug fixes and security patches are.

CONTINUED IN THE NEXT PART OF THE INTERVIEW