Skip to Main Content
Tor is a well-known low-latency anonymous communication system that is able to bypass Internet censorship. However, publicly announced Tor routers are being blocked by various parties. To counter the censorship blocking, Tor introduced nonpublic bridges as the first-hop relay into its core network. In this paper, we analyzed the effectiveness of two categories of bridge-discovery approaches: (i) enumerating bridges from bridge https and email servers, and (ii) inferring bridges by malicious Tor middle routers. Large-scale experiments were conducted and validated our theoretic findings. We discovered 2365 Tor bridges through the two enumeration approaches and 2369 bridges by only one Tor middle router in 14 days. Our study shows that the bridge discovery based on malicious middle routers is simple, efficient and effective to discover bridges with little overhead. We also discussed the mechanisms to counter the malicious bridge discovery.