Why can a state censor block "normal" Tor, and what is the core idea that lets Bridges defeat that?
The IP addresses of public Guard nodes are listed, so a censor can simply block them; a Bridge works because its IP is not publicly known, so it can't be blanket-blocked.
The censor's problem for the user (normal Tor):
- State censors block the known public Tor relays.
- Guard node IPs are publicly listed, so they're easy to blacklist.
- Deep Packet Inspection (DPI) can recognise Tor traffic by its signature.
- Result: users in repressive countries can't reach Tor.
The bridge solution — core principle: a bridge's IP is not in the public relay list, so a censor can't block it wholesale. Users obtain a bridge address separately (e.g. via bridges.torproject.org). Pluggable Transports go a step further and hide the protocol itself, so even DPI can't tell it's Tor.
Tip: Two separate problems — "is this IP a known Tor node?" (solved by bridges) and "does this traffic look like Tor?" (solved by pluggable transports). You often need both.
Go deeper:
Censorship circumvention (Tor Project support) — how bridges + pluggable transports defeat IP blocking and DPI.
Deep packet inspection (Wikipedia) — the DPI technique that recognises Tor traffic by signature.