Yes that is how you start using bridges. Obfsproxy tries to obfuscate the fingerprint of the Tor protocol. Pretty much there are two ways that your ISP can tell that you are using Tor. One way is by keeping a list of all known Tor nodes and monitoring for any connections to those IP addresses. Bridges help solve this problem because it is relatively harder to enumerate all Tor bridges than it is to enumerate all public Tor relays. Government level attackers have managed to enumerate a large percentage of Tor bridges, but even China has not been able to enumerate 100% of all bridge IP addresses 100% of the time. Also you can use private bridges for the best membership concealment. But the ISP can also detect you are using Tor by looking for traffic that has a fingerprint matching Tor traffic. For example, Tor packets are all 512 bytes and so by looking for streams of 512 byte packets the ISP can detect Tor traffic even if it isn't being routed to a Tor relay known to the ISP. Obfsproxy tries to obfuscate your traffic, which means that it tries to make it so somebody observing your traffic can not fingerprint it as Tor traffic. Using a bridge with obfsproxy is your best bet for hiding that you are using Tor from your ISP, in addition to not connecting to any public Tor relays your traffic will also be modified so that it doesn't look like Tor traffic. Using a semi-private bridge with obfsproxy is probably better membership concealment than using a VPN, using a private bridge with obfsproxy is pretty much state of the art membership concealment. It totally depends on if you want to try to hide the fact that you are using Tor or not. It really is a rather complicated decision to make. If you are a vendor shipping packages out of butt fuck nowhere, and LE can enumerate Tor users in butt fuck nowhere, then you could be in very big trouble. In such a case it makes sense to try your best to hide that you are using Tor. On the other hand if you ship packages out of a major city, and LE can break the membership concealment properties of Tor, they might be able to tell that out of the 1,000 people using Tor in your city only you are trying to hide that you are using Tor, and then you could be worse off than you were in the first place. For the most part I would definitely lean towards using membership concealing techniques though, but it isn't so cut and dry actually. Yes using a bridge is pretty much the bare minimum you must do to be able to hide that you are using Tor. It is not 100% guaranteed to hide that you are using Tor, but it is pretty much 100% guaranteed that you will not hide that you are using Tor unless you use a bridge (or VPN I suppose, but then you are revealing that you use a VPN, whereas bridges try to hide that you are using any anonymizer at all). Using a bridge with obfsproxy is meant to hide that you are using Tor from your ISP. If it can actually do it is debatable, but it is definitely your best bet for attempting to do it. Using a private bridge is best for membership concealment, but even if you use a private bridge it is possible that your ISP could fingerprint your traffic even with obfsproxy. Tor Project is currently in an obfuscation/fingerprinting arms race with the Chinese government, and neither of them has been staying ahead of the other for long. On the other hand your traffic is not likely to be analyzed quite as thoroughly as the average Chinese citizens traffic is, and you might have an easier time hiding that you are using Tor from your ISP than a Chinese person will have of hiding that they are using Tor from the government censors. I am not sure what bridge mode is, but generally you do need to update your bridges periodically. Bridges tend to come and go very quickly, sometimes they change IP address every 24 hours. This is really good in a sense as it requires the censors / people trying to identify Tor connections to continuously enumerate bridges, but it is bad in that it requires you to frequently change your entry nodes which is quite bad for anonymity. Bridges also don't have the same restrictions on them as normal entry guards do, and it is a bit easier for an attacker to add bad bridges than it is for an attacker to add bad entry guards. If you can manage to use persistent bridge entry guards it shouldn't be a big deal, but lots of bridges change their IP address every 24 hours. The best you could hope to do is run a private Obfsproxy bridge. However even doing that doesn't guarantee you membership concealment. Obfsproxy bridges are current state of the art in implemented membership concealment systems (although keep in mind that your bridges ISP can still tell that you are using Tor. Ideally bridges would use bridges of their own, to try to hide this). Unfortunately in this case, state of the art means that when the attackers get ahead they will not maintain their lead for long, it doesn't mean that the attackers will not frequently get slightly ahead.