Tor: Bridges

Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main Tor directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won't be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use the bridge feature of Tor.

The addition of bridges to Tor is a step forward in the blocking resistance race. It is perfectly possible that even if your ISP filters the Internet, you do not require a bridge to use Tor. So you should try to use Tor without bridges first, since it might work.

Note that it's also possible that Tor is non-functional for other reasons. The latest version of The Tor Browser Bundle on Windows tries to give you better hints about why Tor is having problems connecting. You should also read the FAQ about problems with running Tor properly when you have issues. If you feel that the issue is clearly blocking, or you'd simply like to try because you're unsure or feeling adventurous, please read on. Ensure that you're using the latest 0.2.2.x or 0.2.3.x bundle for your platform.

To use a bridge, you'll need to locate one. Furthermore, you'll need to configure Tor with whatever bridge address you intend to use. You'll do this with Vidalia, the Tor controller. If your Internet connection requires the use of a proxy, you'll probably need to configure Vidalia to do so first. If you don't think you need to configure a proxy for your Internet connection, you probably don't. Give it a try and if you have issues, ask us for help.

Freedom House has produced a video on how to get and use Tor bridges. If you don't see a video below, view it at Youtube: Freedom4Internet Know of a better video, or one translated into your language? Let us know!

At the moment, you can get a bridge by visiting https://bridges.torproject.org/ with your web browser. If this page is filtered for you, and you don't have any other proxies or ways to reach it, there are other ways to find bridges too.

Understanding bridges

As an example, you'll get a bridge entry that looks like the following: 


    bridge 141.201.27.48:443 4352e58420e68f5e40bf7c74faddccd9d1349413

Understanding the components of a bridge line isn't strictly required but may prove useful. You can skip this section if you'd like.
The first element is the IP address: '141.201.27.48'
The second element is the port: '443'
The third element, the fingerprint, is optional: '4352e58420e68f5e40bf7c74faddccd9d1349413'

Using bridges with Tor and Vidalia

To use the example bridge address above, go to Vidalia's Network settings page, and click "My ISP blocks connections to the Tor network". Add each bridge address one at a time in the Vidalia Network settings page, by pasting it into the "Add a Bridge" window and then clicking the "+" sign. Adding a bridge is pictured below:



Vidalia's Network settings page

You'll want to add as many bridge addresses as you know about, since additional bridges will increase reliability. One bridge should be enough to reach the Tor network, but if you only have one bridge and it goes down, you will be cut off from the Tor network.

Finding more bridges for Tor

Another way to find public bridge addresses is to send mail to bridges@torproject.org with the line "get bridges" by itself in the body of the mail. You'll need to send this request from a gmail account, though — otherwise we make it too easy for an attacker to make a lot of email addresses and learn about all the bridges. Almost instantly, you'll receive a reply that includes: 

    Here are your bridge relays:

     bridge 60.16.182.53:9001
     bridge 87.237.118.139:444
     bridge 60.63.97.221:443

Once you've received the email with bridge information, you can continue the Vidalia configuration steps outlined above.

Running a Tor Bridge

If you want to help out, you should decide whether you want to run a normal Tor relay or a bridge relay. You can configure your bridge either manually or graphically:

If you get "Could not bind to 0.0.0.0:443: Permission denied" errors on startup, you'll need to pick a higher ORPort (e.g. 8080) or do some complex port forwarding.

When configured as a bridge, your server will not appear in the public Tor network.

Your bridge relay will automatically publish its address to the bridge authority, which will give it out via https or email as above. You can also tell a user about your bridge directly: if you're using Vidalia, you can copy-and-paste the bridge address from the Settings window. If you're on Linux or BSD, you can construct the bridge address manually using the format above (you can find the fingerprint in your Tor log files or in /var/lib/tor/fingerprint depending on your platform).

If you would like to learn more about our bridge design from a technical standpoint, please read the Tor bridges specification. If you're interested in running an unpublished bridge or other non-standard uses, please do read the specification.