[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
From: Alec Muffett <alec.muffett@xxxxxxxxx>
Date: Wed, 20 Sep 2017 11:00:41 +0100
Cc: Tom Ritter <tom@xxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Sep 2017 06:01:43 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=BzvFaDyu0z/4NpaRdg+5AC9HvDUirqEQ+ScYTZfACDs=; b=p/VmZziCESAf+44R+bhcw8U3KyYb9F43UkEq1f4MZnA2DSqTM/Sjqqq4c+D8JvCleU Le5ADi/TTo/m9qd7WSryebAB4sFRlU8gMoHy592sIn7ZxovkDWZQGQEuFmaAMc87VyKP Kdoi0fgFhjC1XEW0Mvh3WG9pr7cx8QhB1k5p51mFY5k9my4LjcGkfjIiyISZHDYUHMIu VXe9EVjHxy730l95ISkZBv8v96nk9CZNiqFaO56YUqu608xBzWl6v3uN3KiGYvNebXLR Tfy6pFHwsAbLOPLVvTqEo2stCNZLHYVPVXL1n/EczPcspmK6uMgAMCmXhq1uxLvBVcdL oo7Q==
In-reply-to: <20170920143511.1bec473c@natsu>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <d70f9209-bf0e-c589-bc1a-195df7727126@infosecurity.ch> <20170920143511.1bec473c@natsu>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 20 September 2017 at 10:35, Roman Mamedov <rm@xxxxxxxxxxx> wrote:

> On the 28th of August, 261 websites providing VPN and Proxy services where
> found blocked.
> A new section was added to the report containing a schedule that lists
> monitored websites that provides VPN and Proxy services."
>
> https://www.reddit.com/r/Egypt/comments/6wkbcw/did_
> they_seriously_just_block_vpns/
>
> But it seems puzzling the spike was just for 1 day and then back to
> just exactly the previous level.
>

#pragma SPECULATION_AHEAD 1

From my experience of watching people access a very large website over Tor,
I have developed some theories - mere theories, not based on hard analysis
- about why this happens.

I believe that Tor is most widely deployed and used "at need"; people keep
a copy of it lying around, especially in environments where blocking is
common, and they use it on special occasions to get past the barriers and
to reassert their "normal" computing capabilities as-soon-as-possible.

I think this makes sense: because of the "anonymity" (eg: JS-related)
aspects of the tool, TorBrowserBundle (TBB) can feel like a somewhat
"degraded" experience when compared to a "normal" web browser, and also I
know at least one occasion in past where a TBB upgrade killed all the
bookmarks which I'd built up.

Thereby I believe that TBB has evolved, for some people, to be "the browser
that you use to get past the barricades, until you're safe enough and/or
have acquired updated VPN software, and then you can go back to your old /
normal / familiar browser".

In certain respects this can be read as "TBB's threat model excessively
trades-off consistency and usability in favour of protections which
$SOME_MAJORITY of its userbase do not actually need" - but I'm okay with
the status quo.

I would rather that TBB "shoot for the stars" in terms of integrity,
privacy and anonymity-protection, though I exhort any/all efforts that work
to address this issue.

The one insight that I can bring to the table here is this: the number of
people who know how to (and *do*) use Tor at-need, vastly exceeds the
number of people who use it on a regular basis; this is also why the
autoupdate mechanism (and improvements to the security and speed thereof)
are fundamental to the TBB proposition.

I'd really love to see Tor, TBB and TBB-Plugin mechanisms upgraded to run
over single-onion, for instance.  It would make sense.

    -a

-- 
http://dropsafe.crypticide.com/aboutalecm
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
  - From: krishna e bera

References:
- [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
  - From: Fabio Pietrosanti - Lists
- Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
  - From: Roman Mamedov

Prev by Author: Re: [tor-talk] hidden service - for dummies ?
Next by Author: Re: [tor-talk] How to find trust nodes?
Previous by thread: Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
Next by thread: Re: [tor-talk] Unusual Tor's spikes in Egypt and Turkey on 28th August
Index(es):
- Author
- Thread