[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Tor is using different bridges every time I start


#1

It’s not Whonix related, I didn’t get any answer on tor.stackexchange and I found this forum.
My Tor Browser is using different obfs4 bridges every time I start. Is this okay ? Somewhere I read that Tor should use same bridge every time it connects and every 3 month it change the bridge. In my case Tor have 5 bridges it connect, one time it can connect to 1st bridge. If I close Tor browser and start it again it can connect to 2nd bridge or 3rd or again to 1st. It’s random.
I’m using default obfs4 bridges provided by Tor.


#2

Is here someone who know how bridges work and how often they should change ?


#3

Maybe ask on one of the Tor Project mail lists or the tor irc channnel?


#4

Hi user23519

Welcome to the Whonix forum!

Its difficult to know whats going on without more info. IIRC obfs4 bridges should rotate if there is a connection issue but not a different bridge every time you start Tor Browser

  • How do you know a different bridge is used every time you start Tor Browser?
  • Are you using Tails OS?
  • Have you altered your torrc other than adding bridges?
  • What happens when you comment out all but 1 bridge line?
  • Have you considered using Whonix? :slight_smile:


We have extensive documentation


#5

There is a button you click it and you see 1st hop, 2 hop and 3 hop.
No
No, just default that tor use
It connects. I was thinking bridges that was used before went offline so I comented all bridges and keep uncommented only the bridge that was used before and It connects.
I have Windows and Linux on my PC and a Windows virtualbox in Windows. All of them had Tor browser installed. As I remember all of them were using same obfs4 proxy for connection. After I noticed this issue I installed one more windows virtualbox and there I get different 1st hop(obfs4 proxy). I compare torrc of 1st windows virtualbox and 2nd windows virtualbox and saw that they have same list of bridges but in different consequence. Some days after I saw all OS-es and virtualbox-es except one is using same bridge.
I test it with whonix. I installed 2 gateway with exactly same settings, even consequence in torrc is the same. This 2 gateways use different bridge to connect(sometimes they use same bridge) and they also can connect to different bridges. For example one of gateways was using a bridge for 2 days and when I start it I saw it’s using a different one, next time I start this gateway again it was using bridge that was using 2 days.

Should I make whonix/tor/tails etc use same bridge to connect by commenting all bridges except one ?


#6

What do you think ?


#7

Hi user23519

I conducted a little research and your bridge behavior is considered normal. You can use a single bridge line in your torrc if you’d like. From what I have read there is no reason that you have to use multiple bridge line in your torrc. Meaning it does no degrade anonymity.

From https://torproject.org/docs/bridges

  1. Now you have two configuration options. You can use bridges which are preconfigured and provided with Tor Browser, or you can specify your own bridge(s).

More in depth information on bridges can be found here (recomended):

https://gitweb.torproject.org/torspec.git/tree/attic/bridges-spec.txt


#8

Thank you @0brand

You mean other people’s are facing same issue with random bridge every time they start Tor ?

Does that mean if

  1. I keep settings unchanged and it keep connect to different bridges
  2. Or I use single bridge
    level of anonymity is the same in both cases ?

#9

Meaning this is what is supposed to happen i.e. That is OK.

https://gitweb.torproject.org/torspec.git/tree/attic/bridges-spec.txt

Internally, each bridge user keeps a smartlist of “bridge_info_t”
that reflects the “bridge” lines from his torrc along with a download
schedule (see Section 3.5 below). When he starts Tor, he attempts
to fetch a descriptor for each configured bridge (see Section 3.4
below). When he succeeds at getting a descriptor for one of the bridges
in his list, he adds it directly to the entry guard list using the
normal add_an_entry_guard() interface. Once a bridge descriptor has
been added, should_delay_dir_fetches() will stop delaying further
directory fetches, and the user begins to bootstrap his directory
information from that bridge (see Section 3.3).

Tor Entry Guards rotate every 3 months of so. When bridges are used they act as Tor entry guards. (again from the above bridge spec.txt)

For now, bridge users add their bridge relays to their list of “entry
guards”

If you are using only 1 bridge i believe it would be reasonable to rotate your bridge every ~ 3 months or so. As far as anonymity, using 1 bridge should not have a negative affect except in certain corner cases. It is up to you whether to use 1 or multiple bridges in your torrc. Either way, you will be Ok.