Tor is a network designed for low-latency anonymous communications.
Tor clients form circuits through relays that are listed in a public
directory, and then relay their encrypted traffic through these
circuits.  This indirection makes it difficult for a local adversary
to determine with whom a particular Tor user is communicating.  In
response, some local adversaries restrict access to Tor by blocking
each of the publicly listed relays.  To deal with such an adversary,
Tor uses bridges, which are unlisted relays that can be used as
alternative entry points into the Tor network.  Unfortunately, issues
with s bridge implementation make it easy to discover large numbers of
bridges.  An adversary that hoards this information may use it to
determine when each bridge is online over time.  If a bridge operator
also browses with Tor on the same machine, this information may be
sufficient to deanonymize him.  We present BridgeSPA as a method to
mitigate this issue.  A client using BridgeSPA relies on innocuous
single packet authorization (SPA) to present a time-limited key to a
bridge.  Before this authorization takes place, the bridge will not
reveal whether it is online.  We have implemented BridgeSPA as a
working proof-of-concept, which is available under an open-source
licence.