Tor Bridge Discovery: Extensive Analysis and Large-scale Empirical Evaluation

Tor is a well-known low-latency anonymous communication system that is able to bypass the Internet censorship. However, publicly announced Tor routers are being blocked by various parties. To counter the censorship blocking, Tor introduced non-public bridges as the first-hop relay into its core network. In this paper, we investigated the effectiveness of two categories of bridge-discovery approaches: 1) enumerating bridges from bridge HTTPS and email servers, and 2) inferring bridges by malicious Tor middle routers. Large-scale real-world experiments were conducted and validated our theoretic findings. We discovered 2365 Tor bridges through the two enumeration approaches and 2369 bridges by only one Tor middle router in 14 days. Our study shows that the bridge discovery based on malicious middle routers is simple, efficient, and effective to discover bridges with little overhead. We also discussed issues related to bridge discovery and mechanisms to counter the malicious bridge discovery.