Conjure pluggable transport for Tor ready for pre-alpha testing

[wkrp]

@cohosh writes with an opportunity to test a Conjure pluggable transport for Tor, before it is made part of the alpha Tor Browser. At this point you have to compile it yourself. The team is looking for developer feedback. We have talked about Conjure before at #18.

https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429

Conjure is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying ISPs into a large pool of "phantom" proxies that users appear to connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides a possible solution to the problem of censors enumerating and blocking deployed bridges or proxies.

I've been working with Jack Wampler and Eric Wustrow at the University of Colorado to implement a Conjure PT for Tor that uses the existing deployed Conjure stations.

Next steps

This PT is currently in development and only recommended for testing.

We still have some work to do before the Tor Conjure PT can be rolled out to a large user base. The PT in its current form is very minimal in its features. We're reaching out to the development community now for initial feedback and testing. We are planning a slow ramp of client traffic to avoid placing stress on the stations and improve the reliability and censorship resistance of our setup.

Try it out yourself

Instructions for cloning and building this PT are in the repository. In the client/ directory there are two provided torrc files. For testing the production Conjure deployment, you may use the one named torrc. The other file, torrc-testing is for use with the libvirt-based testing and development environment.

Successful bootstrapping can take a few tries due to high load at the station. More detailed log messages will be written out to a log file conjure.log by default. This can be changed by modifying the -log argument in the ClientTransportPlugin line of the torrc file. If the station is overloaded, you will see a message like the following in conjure.log:

[11:32:12] [1-d9b572] failed to dial phantom [scrubbed]: dial tcp [scrubbed]: i/o timeout

Please try it out, open issues, ask questions, provide feedback!

[wkrp]

Progress on integrating Conjure into Tor Browser continues. Now it's available in pre-compiled form in Tor Browser nightly builds, for desktop and Android.

Conjure is not yet made visible as a default bridge option in the UI. The necessary software is preinstalled, but you need to manually enter a bridge line.

1. Go to https://nightlies.tbb.torproject.org/nightly-builds/tor-browser-builds/ and download a recent package (2023.02.01 or later).
2. To verify the signature, download torbrowser-nightly.gpg and the sha256sums-unsigned-build.txt and sha256sums-unsigned-build.txt.asc files. Verify the signature on sha256sums-unsigned-build.txt and then check the hash of the installation package. You are looking for Good signature and OK.

   $ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
   gpg: Signature made Thu 02 Feb 2023 05:08:31 AM UTC
   gpg:                using RSA key CB91EDC56B9E276D7144ABD567509BB73B8DE954
   gpg: Good signature from "Tor Browser Nightly Builds <tb-builder@tb-build-01.torproject.org>" [unknown]
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
   Primary key fingerprint: CB91 EDC5 6B9E 276D 7144  ABD5 6750 9BB7 3B8D E954
   $ sha256sum --check --ignore-missing sha256sums-unsigned-build.txt
   tor-browser-linux64-tbb-nightly.2023.02.02_ALL.tar.xz: OK
   

3. Extract the package and run it.
4. Click Configure Connection... then Add a Bridge Manually and enter the following bridge line:

   conjure 143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api front=cdn.sstatic.net
   

   The bridge-moji should be 🔮🌳🌙🫒.
5. Then click Connect. It may take some time to get a working connection. In the Tor logs, you may see messages like "retrying conjure registration, station is under high load".

The developers are looking for success or failure reports. This is your chance to be able to say: "I was there—I was using Conjure in Tor Browser when it was still only in nightly builds" 😁

[wkrp]

Conjure is now packaged with normal alpha builds of Tor Browser. You still have to enable it manually.

https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815

Desktop

1. Download and install the latest alpha version of Tor Browser for Desktop (make sure you have a backup of your existing browser setup).
   https://www.torproject.org/download/alpha/
2. Open Tor Browser and navigate to the Connection preferences window. Or Click on “Configure Connection…”.
   Menu > Settings > Connection (about:preferences#connection)
3. Click on “Add a Bridge Manually”. Copy and add the bridge line below in the field.

   conjure 143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api front=cdn.sstatic.net
   

4. Click “OK” to close the bridge dialog. Finally, scroll up and click on “Connect”.
5. If you see a purple screen “Test. Thoroughly.” or if your Tor Browser Alpha was updated, you will see "Tor Browser has been updated”. Then, it means Conjure is working and you can use it for your browsing activities.
6. Take note of any issues, errors, or unexpected behavior you encounter while trying to connect to Tor using Conjure.

Android

1. Download and install the latest alpha version of Tor Browser for Android.
   Tor Project website, Google Play, or the Guardian Project F-Droid. If you need help to install from F-Droid, check out the Tor Browser User Manual.
2. When you run Tor Browser for the first time, you will see the option to connect directly to the Tor network, or to configure Tor Browser for your connection with the settings icon.
3. Tap on the settings icon. Tor Browser will take you through a series of configuration options. The first screen will tell you about the status of the Tor Network and provide you the option to configure a Bridge (‘Config Bridge’). Tap on ‘Config Bridge’.
4. Choose the “Provide a Bridge I know” option and then enter this bridge address:

   conjure 143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api front=cdn.sstatic.net
   

5. Tap ‘OK’ and, if everything works well, it will connect.

Submit your feedback

Submit your feedback and findings here on this topic or use Conjure GitLab repository for technical reports. Include a clear description of the problem, your Tor logs, steps to reproduce it, and any relevant details.

By testing Conjure and reporting any issues, bugs, or suggestions, you will contribute significantly to refining its performance and optimizing its capabilities. Your participation will not only benefit the Tor community but also help advance the Internet freedom community.