Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main Tor directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use the bridge feature of Tor.
The addition of bridges to Tor is a step forward in the blocking resistance race. It is perfectly possible that even if your ISP filters the Internet, you do not require a bridge to use Tor. Many filtering programs look for unencrypted Tor directory requests to recognize that you're using Tor, but Tor version 0.2.0.23-rc and later use encrypted directory queries by default. This change means that most filtering programs are now unable to recognize Tor connections. So you should try to use Tor without bridges first, since it might work.
Note that it's also possible that Tor is non-functional for other reasons. The latest version of The Tor Browser Bundle on Windows tries to give you better hints about why Tor is having problems connecting. You should also read the FAQ about problems with running Tor properly when you have issues. If you feel that the issue is clearly blocking, or you'd simply like to try because you're unsure or feeling adventurous, please read on. Ensure that you're using the latest 0.2.1.x or 0.2.2.x bundle for your platform.
To use a bridge, you'll need to locate one. Furthermore, you'll need to configure Tor with whatever bridge address you intend to use. You'll do this with Vidalia, the Tor controller. If your Internet connection requires the use of a proxy, you'll probably need to configure Vidalia to do so first. If you don't think you need to configure a proxy for your Internet connection, you probably don't. Give it a try and if you have issues, ask us for help.
Freedom House has produced a video on how to get and use Tor bridges. If you don't see a video below, view it at Youtube: Freedom4Internet Know of a better video, or one translated into your language? Let us know!
At the moment, you can get a bridge by visiting https://bridges.torproject.org/ with your web browser. If this page is filtered for you, and you don't have any other proxies or ways to reach it, there are other ways to find bridges too.
As an example, you'll get a bridge entry that looks like the following:
bridge 22.214.171.124:443 4352e58420e68f5e40bf7c74faddccd9d1349413
Understanding the components of a bridge line isn't strictly required
but may prove useful. You can skip this section if you'd like.
The first element is the IP address: '126.96.36.199'
The second element is the port: '443'
The third element, the fingerprint, is optional: '4352e58420e68f5e40bf7c74faddccd9d1349413'
To use the example bridge address above, go to Vidalia's Network settings page, and click "My ISP blocks connections to the Tor network". Add each bridge address one at a time in the Vidalia Network settings page, by pasting it into the "Add a Bridge" window and then clicking the "+" sign. Adding a bridge is pictured below:
You'll want to add as many bridge addresses as you know about, since additional bridges will increase reliability. One bridge should be enough to reach the Tor network, but if you only have one bridge and it goes down, you will be cut off from the Tor network.
Another way to find public bridge addresses is to send mail to email@example.com with the line "get bridges" by itself in the body of the mail. You'll need to send this request from a gmail account, though — otherwise we make it too easy for an attacker to make a lot of email addresses and learn about all the bridges. Almost instantly, you'll receive a reply that includes:
Here are your bridge relays: bridge 188.8.131.52:9001 c9111bd74a710c0d25dda6b35e181f1aa7911133 bridge 184.108.40.206:444 c18dde4804e8fcb48464341ca1375eb130453a39 bridge 220.127.116.11:443 ab5c849ed5896d53052e43966ee9aba2ff92fb82
Once you've received the email with bridge information, you can continue the Vidalia configuration steps outlined above.
If you want to help out and you can't run a normal Tor relay, you should run a bridge relay. You can configure it either way:
- manually edit
your torrc file to be just these four lines:
SocksPort 0 ORPort 443 BridgeRelay 1 Exitpolicy reject *:*
- or using Vidalia:
If you get "Could not bind to 0.0.0.0:443: Permission denied" errors on startup, you'll need to pick a higher ORPort (e.g. 8080) or do some complex port forwarding.
When configured as a bridge, your server will not appear in the public Tor network.
Your bridge relay will automatically publish its address to the bridge authority, which will give it out via https or email as above. You can also tell a user about your bridge directly: if you're using Vidalia, you can copy-and-paste the bridge address from the Settings window. If you're on Linux or BSD, you can construct the bridge address manually using the format above (you can find the fingerprint in your Tor log files or in /var/lib/tor/fingerprint depending on your platform).
If you would like to learn more about our bridge design from a technical standpoint, please read the Tor bridges specification. If you're interested in running an unpublished bridge or other non-standard uses, please do read the specification.