[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Many more Tor users in the past week?
Thanks for sharing, Collin. Those graphs are very interesting. What the hell is going on???
-----Original Message-----
From: tor-talk [mailto:tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Collin Anderson
Sent: Friday, August 30, 2013 11:37 AM
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Many more Tor users in the past week?
Hi Mike,
On Fri, Aug 30, 2013 at 3:14 AM, Mike Perry <mikeperry@xxxxxxxxxxxxxx>wrote:
> Dude I love math and whatnot. Maybe science too, but this isn't
> exactly a controlled experiment. So whatnot it is, then! (Also plus
> one to you Collin, for being awesome).
>
> Can someone with more free time than me try to investigate one or more
> of the following ideas.. You know, in the interest of whatnot?
>
>
Embarrassingly, I went straight to the most romantic hypothesis and then worked my way back elsewhere, IRC and Twitter. A few of these prospects could be reasonably addressed through the trends of the top fifty countries, illustrated here: http://cda.io/r/tor_mystery_2013.png
From the outset, this seems to suggest that the catalyst occurred between August 19-20.
Few other points of conjecture that came up:
- I would infer based on no increase occurring in Iran that the Tor
version being run by the agent is pre-2.4; Iran continues to implement
countrywide DPI against Tor's SSL handshake, which was fixed for the moment
in ticket #8443. Whether it's circumvention or malware, I would trust it
would hit Iran.
- As Runa notes, attempting to correlate with censorship is not strong,
I would propose however that based on relative growth, a better indicator
is level of development (ehem, piracy) and geography. I might be passing
over someone, but it isn't until you get to Japan (40th) that you run into
what is traditionally called a highly-developed state (all apologies for
the terrible phrasing of this).
- Pirate Browser with Tor was released when, August 11th or 12th? I
would expect we would see a more gradual and less synchronous incline if it
were natural adoption patterns (short of an autoupdater).
A) The change in user counts for each country should be proportional
> to the installation base of some infectable software population
> for that country. Can we start with the easy ones with lots of
> public data on them, such as Windows, Flash, or Java?
>
I would also look for piracy and software update rates.
> B) Weird that we saw no new countries. Why? Is this just a canary
> test to see if we'd fall over? Can we check for correlations
> between our change in userbase per-country and the current number
> of Internet users per-country too, to see if that matches?
>
I culled the list at 1,000 users on either dates, there were a few countries that cropped up with new users, like Anguilla. Macedonia and Bosnia are also interesting toward this, regionally and going from a hundred to a thousand.
> C) People on IRC have suggested there is correlation to work hours.
> Does this actually apply to countries with atypical work weeks
> and holidays? (Is some popular corporate/work-group software the
> target here?)
>
Look for Muslim countries in the chart.
>
> 2. If this was Pirate Browser:
>
It's not.
>
> 3. If this is widespread local censorship/unrest:
>
> A) No level of censorship/social unrest happens across 91 countries at
> once. Justify your existence, meme.
>
Like, Hack the planet, bro.
So I think we are left with one unfortunate, not Israeli conclusion. Is there an example of such fine grain statistics of botnet growth tagged with date and country? Seems like a pretty solid research dataset for someone.
Cordially,
Collin
>
>
> P.S. To the bot-herders who are totally not Israeli: Our network can't
> scale as well as anything you can infect this fast. It will fall over,
> and when it does, the whole Internet will be looking for you. Maybe
> you should chillax a bit and consider running your own mix network.
> Good luck! ;)
>
> > > I downloaded the direct connecting users csv and created a
> > > spreadsheet between the start of the month and the end. It seems
> > > that
> it
> > > was the confluence of many states increasing their censorship of
> > > the Internet, especially instances like Vietnam and Facebook. Here
> > > is the
> raw
> > > data:
> > >
> > >
> > >
> https://docs.google.com/spreadsheet/ccc?key=0Amq69Ncu9Fp_dDlFYWhDZlNCT
> kdfWGhFWGlCOWFFNWc&usp=sharing
>
> --
> Mike Perry
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe
> or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk