@freedomofpress I'll top it:

I have setup private #TorBridges on occasion, because those are harder to block and detect than #VPN|s!

@thalon Neben den üblichen @torproject / #Tor / #TorBridges - Methoden wie #Snowflake, #meek & #webtunnel gibt's sonst nur die Möglichkeit von #Sneakernet und DIY-Antennen samt ausländischer #SIM|s oder gar #Richtfunk in #Grenznähe.

• Ähnlich wie #Nordkorea ist das mit Informatioen reinbekommen einfacher als rausschmuggeln.

Und angesichts historischer Präzedenzfälle wird kaum eine #Botschaft ne Art "#Freifunk" aufspannen und deren extrem teures #Satellit|en-#Internet teilen…

@m @TheVampireFishQueen @boggits @flangey @neil the tech is out there and cannot be contained.

• But unlike a #Luty-SMG or #FGC9 where most don't evej want to DIY one, circumventing #cyberfascism is "#mainstream" as in even the most disinterested kid wants it.

If I were a schoolkid in the #UK I'd be making ££££ selling USB flashdrives with @tails_live / @tails / #Tails on and setting up custom @torproject / #Tor / #TorBridges for my peers.

• Alas I'm not and thus do the next best thing and rather do a #CryptoParty to teach others how.to use Tails, Tor, #Monero, #SSH, #VPN|s, etc.

@lothar @virgil_tibbs @tobi Problem ist und bleibt dass @signalapp nicht nur zentralisiert ist sondern wegen #Rufnummer-Zwang samt Bestätigungs-#SMS diese direkt als Überwachungsziel für #Roskomnadnozr markiert...

Dann doch besser #Tails und ein paar private #TorBridges...

https://infosec.space/@kkarhan/115411438155930215

@mrmasterkeyboard not only protests but actively subverting it.

• We need something like a "#HowToTor?" guide site that teaches #TechIlliterate #Zoomers with the attention span of a #TikTok on how to setup @torproject / #Tor and do all their #browsing through it.

• Ideally we'd have kids start #copyparty events underground for @tails_live / @tails / #Tails and spread those alobgside #TorBridges along minors in the #UK so hard that the #Cyberfascists have to resign!

Or do you too remember that iconic #Copaganda poster by the #NCA?

• Cuz for every bullshit #Zensursula, #VanDerBolle and other #Cyberfascists are goebbeling up, I'll teach another person how to "#EncryptHarder!"...

#sarcasm #UKpol #OSA #UK #Cyberfascism

@Tutanota the most important part is to make such #Cyberfascism impossible to #enforce by going out of one's way to "#EncryptHarder"!

• Use proper #E2EE with #SelfCustody of all the keys! (#XMPP+#OMEMO [ @gajim / #gajim & @monocles / #monoclesChat] & #PGO/MIME [ @delta / #deltaChat & @thunderbird / #Thunderbird ])

• Normalize #Torification aka. shoving EVERYTHING through @torproject / #Tor with #TorBridges and #OnionServices

• #Teach others by running a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty in your area!

If we solely rely on #TechIlliiterates & #Cyberfascists like #Zensursula from @EUCommission to concede and apologize we might just give up already (pretty shure she has not apologized to @MOGiS to this day!)

• The only way we can guarantee our #inalienable #HumanRights ist be making them truly inalienable and letting politicans know said rights are as non-negotiable as the ban on "#DeathPenalty" aka. State-endorsed murder!

@adisonverlice @torproject OFC public WiFi also has it's drawbacks.

• Needing to swap MAC addresses every time to something random that isn't obvious, needing to use #TorBridges to circumvent #ContentFiltering and #Firewalling of said systems.

• Also don't get complaicent!

Either way, finding an #anonymous #FreePublicWiFi even in #Germany is easier and faster than getting #roaming #SIM anonymously...

@torproject Q: I wish there was a similar tool test #Bridges, as https://bridges.torproject.org/scan/ is not that good and I don't want to hammer it with dozens of addresses, cuz at best that's quite antisocial if not possibly trigger responses assuming this is an intelligence gathering operation.

• Ideally sone standalone binary that one can just give a list of #TorBridge|s in a text file (similar to the way one can just past them in at #TorBrowser) would help.

I.e.

bridgetest -v4 obfs4 203.0.113.0:80 …

bridgetest -v6 webtunnel [2001:DB8::1]:443 …

bridgetest -list ./tor.bridges.list.private.tsv 

• But maybe #onionprobe already does that. In that case please tell me to "#RTFM!"…

Similarly there needs to be a more granular way to request #TorBridges from #BridgeDB (as it's basically impossible to get #IPv4 #Webtunnel addresses nor is there an option to filter for #ports like :80 & :443 to deal with restrictive #firewalls (i.e. on public #WiFi)…

• there are flags like ipv6=yes but neither ipv4=yes nor ipv6=no yielded me other resultd than #IPv6 webtunnel bridges…

And before anyone asks: Yes, I do have a "legitimate purpose" as some of my contacts do need Bridges to get beyond a mandatory firewall and/or do use #TorBrowser (through an #SSH tunnel) to circumvent Tor & #VPN blocks and maintain privacy (as many companies do block sometimes entire #Hosters' ASNs due to rampant #scrapers…

I really need to dive into setting up webtunnel #TorBridges...

@torproject

#WhatsMissing: A tool to check if #TorBridges are still available/online/reachable that one can use either #standalone (with #TorBrowser and/or #Tor Expert Bundle) or on @tails_live / @tails / #Tails.

• Cuz I do run into issues and kinda want to sort #Bridges by availability so I don't waste time on a #TorBridge that is down and also thin-out the list of bridges that ain't online anymore.

Whilst I do acknowledge that @torproject do disrecommend having a huge list of Tor Bridges on hand, I do regularly need them for contacts who are behind a #GreatFirewall and can't #SSH-Tunnel out of it.

• Sadly #BridgeDB doesn't offer good #filtering options so one can't just query types effectively like "I need #webtunnel on #IPv4" or "I can only use Ports 80 & 443 on #IPv6" which may work.

Espechally being able to filter for #IPv4only and not just #IPv6only is something I miss, alongside the filter for #PluggableTransports type as @guardianproject #Orbot seems to only handle #obfs4 and not webtunnel or #meek at all...

• I'm pretty certain that merely pinging a bridge at it's port isn't working as a shure-fire way to check for it's availability.

@wmd @miqokin I've yet to find a nation that criminalizes @torproject but not #VPN|s that facilitate the same...

• Also commercial VPN providers are relatively easy to detect, filter & block unless they support #SSH-Tunneling.

Whereas #Tor has multiple ways to circumvent #InternetCensorship, includibg multiple #proxy & 9bfuscation systems like #obfs4, #meek, #webtunnel and regular #TorBridges on included, public query-able amd private lists...

One thing that @torproject is missing is a way to check availability and reachability of #Bridges with a simple tool.

• This is kinda vital as I do occasionally setup private #bridges and also want to enshure the private #TorBridges list I have is up to date.

Manually adding/removing one #bridge after the other in #TorBrowser and see if those connect is a relatively inefficient process and merely pinging them isn't viable either, espechally on #meek, #obfs4 and #snowflake type bridges.

• Now to make the obvious clear: I'd NEVER publicly list any #TorBridge on my lists.d repo obviously, because that would only harm #Tor...

I'm not even asking for like a fancy tool that is as clean as @micahflee 's #OnionShare but merely a #CLI thing (if necessary I'd build some #bash script) to automatically attempt to connect to said bridge and either spit out an ok or error.

• Something one can just feed with a text file and that'll spit out a different file with ok/working bridges and/or discards the non-working ones from the list.

And yes, this tool is kinda crucial as I want to quickly sift through a load of bridges that work on restricted ports (22, 80, 443) and thus can bypass the #GreatFirewall and #Roskomnadzor filtering...

• So people fleeing can at least safely communicate.

If anyone at #TorProject needs more details, I'll gladly exchange them in a secure manner.

• I also applied for a #gitlab account so I can help improve #documentation (ideally with some nice step-by-step screenshots so even "#TechIlliterates" can i.e. add a #bridge)...

@sodiboo @ipg cuz people use #Steam's #Chat to circumvent #Roskomnadnozr's #InternetCensorship and exchange @torproject / #TorBridges over it...

@ActuallyAubrey That depends on the juristiction in question, the plan & provider in question as well as used hardware in question.

• In case of even remotely suspected #Stalkerware I do recommend to get personally-owned, controlled, secured and hidden hardware to enable unsurveiled comms.

Consider telephony & SMS inherently & unfixably insecure.

• If in doubt get a new Android with an anonymous prepaid SIM that has affordable data options and use @torproject / #TorBrowser and #Orbot with #TorBridges on ports 80 & 443 which use #meek & #webtunnel transports, so any surveiling party will only see non-suspicious HTTPS traffic.

OFC a maliciously configured CPE/Router can log & report all pachets that travel through, but #DNS & #HTTP or any unencrypted comms are susceptible.

I still think a #VendingMachine not just for like #VPN's but private #TorBridges ( @torproject ) and like USB sticks with @tails_live / #Tails preloaded would be kinda awesome...

https://criticalengineering.org/projects/vending-private-network

@mcp Fuck #Roskomnadzor and #Russia's #Cyberfacism!

starts up extra #Snowflake #proxies and private @torproject / #TorBridges to piss off #Putin and his regime even harder

@torproject I did and do occasionally setup private #TorBridges on demand...

#WhatsMissing:
A #TorBridges #Bot on the #Fediverse which allows people to interact with #BridgeDB and just fill out:
- IPv4 or IPv6
- vanilla, obfs4, meek or webtunnel
- restricted ( 80 / 443 ) or unrestricted ports.

1. One can just DMs it i.e. "get bridge IPv4 webtunnel restricted".
2. it replies with a captcha (may it be image or audio)...
3. if solved replies with a bridge that fits these criteria...
4. to prevent spamming the bot with a single account, it has progressive timeouts and will mute/softblock users for 5 minutes per request at minimum and triples that after each until it maxes out at 24hrs. It also has a blocklist against spammers and certain instances...
5. the entire conversation gets deleted by the bot after 1 hour.

I think that's better than the allow-listing of the #eMail bot.
https://bridges.torproject.org

#Tor #TorBridge #Mastodon #bots #ActivityPub #development #API

@a000d4f7a91939d0e71df1646d7a48 @torproject I guess someone's doing traffic analysis of #TorBrowser...

Ideally I recommend people to stock up on #TorBridges via #BridgeDB beforehand...

https://mstdn.social/@kkarhan/111436869173146530

And yes, I've already tooted about @torproject 's #BridgeDB having need to improvement i.e. being able to filter #TorBridges for ports, type, IPv4 or IPv6 and so on.

I've slowly acquired a list of 49 bridges that I do share with trusted contacts in need...

OFC not the whole one as I want them also get some of their own - decentralization is key...