The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2021-07-09T18:29:19Z

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/20216
Iran blocking of direct users, 2016-08 and 2016-09
2021-07-09T18:29:19Z
David Fifield (dcf@torproject.org)

Direct users in Iran dropped from 8,000 to 2,000 between 2016-08-20 and 2016-08-23. The numbers recovered to 4,000, then crashed to 400 on 2016-09-03 and 2016-09-04.
![userstats-relay-country-ir-2016-06-24-2016-09-22-off.png](uploads/userstats-relay-country-ir-2016-06-24-2016-09-22-off.png) [link](https://metrics.torproject.org/userstats-relay-country.html?start=2016-06-24&end=2016-09-22&country=ir&events=off)
_Edit 2016-10-04: the bridge changes below, on further investigation, appear to be unrelated to anything done by Iran._
Looking at bridge users, there is an increase right around 2016-08-20, the time of the first blocking, then an abrupt return to previous levels around 2016-09-03, the time of the second blocking.
![userstats-bridge-country-ir-2016-06-24-2016-09-22.png](uploads/userstats-bridge-country-ir-2016-06-24-2016-09-22.png) [link](https://metrics.torproject.org/userstats-bridge-country.html?start=2016-06-24&end=2016-09-22&country=ir)
Looking at the graph of bridge users by transport, obfs4 continued working while obfs3 and vanilla were blocked.
![userstats-bridge-combined-ir-2016-06-24-2016-09-22.png](uploads/userstats-bridge-combined-ir-2016-06-24-2016-09-22.png) [link](https://metrics.torproject.org/userstats-bridge-combined.html?start=2016-06-24&end=2016-09-22&country=ir)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/18285
Etisalat (UAE ISP) requiring users to use certain routers (was: The Arab Gulf Governments Surveillance Project)
2020-06-27T13:43:41Z
cypherpunks

The ISP called Etisalat which is located in UAE (United Arab Emirates), they are using new strategy of forcing their surveillance on ppl, and they have used trick to lie on ppl, which is:-
they are calling & sending messages to UAE ppl, and telling them you can upgrade your internet speed from X megabits to 20 megabits with free router and wireless-telephone and Tv-satellite or receiver.
now is this problem? no, but here is the deception inside this:-
they will force you to use their router because there will be no internet connection from your own router. and their router is D-Link DIR 850L6 (some got another models but as i know all of them are from D-Link company) with Etisalat firmware (not the original D-Link firmware).
their firmware has a backdoor inside it, which gives the ability to any Etisalat employee accessing the router and do/change whatever they like inside it. not to mention the firmware is closed source for sure, and MAYBE contains malicious programs inside it like e.g. spyware or ..etc. or executable programs which can attack targeted OS, e.g. Windows/Android/iOS...etc
but what is for sure now the firmware has a backdoor inside it.
and also you CAN'T go back to the original speed that you were using + your own router. and also adding fees about 200$ if will cancel the internet. and if you will use another firmware like the original firmware from D-Link company or an open source firmware you will lose the internet connection, and you can't download Etisalat firmware and install it again (because the firmware is not available for users) so they will give you a new router & charge you the corrupted router price. (about 50$ to 100$)
and if you ask them why are you doing this? their answer is:-
"we want to serve our customers as we can give them full support when having a problem regarding connectivity with routers."
(as you see very cheap excuse (the perfect bad word for it = bullshit) in order to kill your freedom of choice on routers with high security levels and surfing the internet freely as you like.)
so the good question would be:-
- can that affect Tor security/connectivity?
- how can someone help Tor community to understand the risk on Tor users from this privacy attack? (i know ooni project , but it seems complicated and not really much active)
Notes:-
1- i have sent this message to tor project emails the English and the Arabic one = sadly no response till now from over a month or so.
2- this surveillance project not just in UAE, even in Saudi Arabia and so on..
3- i didn't know which categories (Type, Priority, Severity...etc) i should choose for this topic, so i just put anything randomly
lastly i say, hope Tor community/developers/news warn the poor ppl inside these countries by spreading this article (or any similar to it if available) so that (i hope) those ppl will be aware of these attempts and look for themselves to have a good solution for this problem.
Thanks.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/18034
the five manipulation eyes (theoretical anonymity enhancement)
2020-06-27T13:43:42Z
Trac

Note:- maybe you need to have knowledge about Qubes or multiple isolated VM concept to get what i mean (but not necessarily).
i was thinking of a theoretical protection against the ISP sniffing or reduce the attacking threat of the ISP to my connection. so i have an idea but i don't know if it's going to work, but here it is:-
the idea needs Qubes OS, TorVM and/or Whonix
if we can have more than one Tor connection on different VMs inside Qubes, let's say five, which r all opened together at the same time or gradually (1 then 2 then 3 ...) and including my connection among one of them. in other words:-
1- Tor VM (not mine)
2- Tor VM (not mine)
3- Tor VM (my connection)
4- Tor VM (not mine)
5- Tor VM (not mine)
wouldn't that increase our anonymity by increasing the surface of connectors/connection points to Tor? (which for sure one of these connections r my real connection but i don't have one connection only, instead i have five and i'm only using one).
to make this more efficient to use theory:-
1- the manipulated virtual machines are not in a true storage, but they only need a fixed storage which means we need only a disposable non-persistent storage (amnesic VM and Qubes provide this type of VM).
2- these manipulated virtual machines WON'T be usable by human. they are there just for the sake of its purpose. which will give us the opportunity to put these virtual machines in the lowest consuming resources (RAM, Processor ...etc) so no files or media players or ...etc (so even low storage).
3- to harden these virtual machines we can make the design of whonix as a mini-whonixes to be used from these VMs:-
Note:- we can use this design in case that just opening Tor won't manipulate anything, but if we open Tor + TBB and surfing X or Y website then we will have this method/theory to work.
(X, Y, Z, V = just random websites.)
1- GW (Tor) - WS (TBB + X website) (disposable VM)
2- GW (Tor) - WS (TBB + Y website) (disposable VM)
3- GW (Tor) - WS (TBB + my surfing) (normal VM)
4- GW (Tor) - WS (TBB + Z website) (disposable VM)
5- GW (Tor) - WS (TBB + V website) (disposable VM)
.....etc from hardening things we can put inside this theory. but i don't know if it's going to be effective or not, and what will the ISP see when we apply this.
**Trac**:
**Username**: bo0od

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/17112
GoAgent and Shadowsocks got deleted
2020-06-27T13:43:42Z
Trac

Not really tor related but since these were the biggest censorship circumvention tools in china i think it's worth thinking bout what this means for tor.
did tor get more traffic from china?
are there alternatives forks spreading?
what happened to the developers?
how did they get caught?
why were they so more popular than tor. was it only speed or is there something that could be useful for tor beyond what meek implemented?
what are the reactions of people from china?
even if that was in china could something similar happen to the tor project? there is clearly a change in attitude in the government and china could have indirect power over developers or hosters.
**Trac**:
**Username**: elypter

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/16772
Google's reCAPTCHA Tor Censorship !?
2020-06-27T13:43:42Z
cypherpunks

This week, every time I've encountered a reCAPTCHA from Google, I was completely unable to solve the CAPTCHAs, see attached image with my CAPTCHA solutions.
Also, since last week, I encountered Google displaying no CAPTCHA image, but an error, that Google wants to protect its users from automated requests or something like that.
Sorry, if there are some errors in my CAPTCHA solutions.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/15198
Cyberoam blocking connections to Tor
2021-07-09T18:29:19Z
Jacob Appelbaum

I'm currently in Istanbul, Turkey at a local university. The network blocks connections to the Tor network (using Tails) with a layered approach to censorship, I suspect.
I've tried to configure regular bridges, obfs2,3,scramblesuit PT and direct connections. None appear to function. I am able to ssh out - so I can connect to Tor by binding a local SOCKS proxy and configuring Tor to connect over a SOCKS proxy. That is how I've filed this bug report.
The Cyberoam device is clearly acting as a MITM - it is highly annoying. It is a captive portal, which is easy to bypass with a login/password (ironically, not deployed with https!), after the captive portal, it filters connections by protocol, IP address and port number - I haven't yet fingerprinted the device upstream but I'll add information as I find it.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/10099
wiki: DontBlockMe project / ListOfServicesBlockingTor doc
2020-06-27T13:43:42Z
cypherpunks

The current meta ticket for these two wiki pages.
DontBlockMe
ListOfServicesBlockingTor
Join related tickets to this parent.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/9549
Tor hacked when starting up in Aspen, CO, 19AUG2013
2020-06-27T13:43:42Z
Trac

This is the first ticket... just wanted to let you guys know I'm, apparently, a COINTELPRO target and have been for a couple of years since I began activating after the oil spill crisis in Louisiana.
I just downloaded Tor last May, and it worked without a hitch.
After yesterday's hack-a-thon (as versus a hacktivist-a-thon), I had to reload Tor via Google Chrome a few minutes ago (yuk) since the Tor application files were erased from my hard drive. (This has happened often with Google over the last couple of years...)
Now am having Firefox proxy issues, FYI, and had to use Chrome to send this message... I thought I should let you know what's happened in case security has been breached... if that's possible.
Hope this message isn't a waste of your time.
Best regards,
Elizabeth
aerguyton.wordpress.com
**Trac**:
**Username**: Elizabeth

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/8591
GFW actively probes obfs2 bridges
2020-06-27T13:43:42Z
Philipp Winter (phw@torproject.org)

It looks like the GFW is now actively probing obfs2. After hearing rumours yesterday, I wasn't able to reproduce this. Today, however, I got my private obfs2 bridge probed just milliseconds after my own connection from China. I got hit by two random Chinese addresses as we already know it from the Tor probing. After the probing, my obfs2 connection timed out and the SYN/ACK segments from the bridge were dropped when trying to establish a new connection. I could reproduce all of this several times.
I haven't tested obfs3 yet and I suppose we can skip the old looking-for-the-fingerprint game. Depending on what protocols they are trying to detect, they might have to probe several times since it's not clear what's behind all that entropy. It might be obfs2, obfs3 or VPN PSK and perhaps even more protocols.
Assignee: Philipp Winter (phw@torproject.org)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/8097
I think tor is blocked by my internet provider
2021-07-09T18:29:20Z
Trac

Sorry, I'm really new to Tor, and proxies/etc. The other day, I downloaded the Tor Bundle for Mac OS X, and it would get stuck at "Establishing an encrypted directory connection".
I added bridges, tried the "Firewall only connects to certain ports" option, and even redownloaded to the 64-bit version. I'm not sure if I'm doing something wrong or I am somehow blocked from Tor? Also, I live in Japan.
Here is an image of how my message log looks: http://i46.tinypic.com/23u8ole.png
**Trac**:
**Username**: 48ine
Assignee: George Kadianakis

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/7141
How is Iran blocking Tor?
2020-06-27T13:43:43Z
Philipp Winter (phw@torproject.org)

Note that currently it looks like there might be more than just one filtering technique in place. The following was the initial report describing one possible filtering technique and [this comment](https://trac.torproject.org/projects/tor/ticket/7141#comment:8) describes another technique.
----
Some users reported that the Iranian ISP "[Pars Online](https://en.wikipedia.org/wiki/Pars_Online)" is (partially?) blocking Tor.
One user looked into it and believes that Tor is identified based on the server_name extension in the TLS client hello. It looks like DPI boxes extract the domain and do a DNS lookup for it. If the domain resolves and the relay/bridge is listening on port 443, the connection passes. Apparently, an omitted server_name or a server_name rewritten to `www.google.com` passed the filter.
Obfsproxy seems to work.
Some open questions:
* Can we reproduce and verify the existing hypothesis?
* Is this an attempt to only allow HTTPS and no other SSL/TLS-based protocols? Or is it targeting only Tor?
* Can we modify [brdgrd](https://gitweb.torproject.org/brdgrd.git) to evade the server_name extraction?
* Is this type of block limited to Pars Online?
Assignee: Philipp Winter (phw@torproject.org)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/7137
Build a tool that a censored developer can run to discover why their Tor is failing to connect
2020-06-27T13:43:43Z
Karsten Loesing

We should develop an automated censorship diagnostics toolkit for Tor. It gets deployed when someone says something like "tor doesn't work in my country anymore". The goal is to have them download this toolkit, which will automatically figure out if tor is blocked, how it might be blocked, and if any of the known ways to bypass tor censorship works, and if so, tell the client "you need X." Where X is bridges, private bridges, obfsproxy, private obfsproxy. If nothing works, it collects lots of data, and sends it back to tor.
Tor then analyzes the data and learns a new way of blocking tor as feedback into our anti-censorship work. Maybe there is a quick solution for the user in blocked country, maybe there isn't.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6651
Someone's blocking Tor in Mexico?
2020-06-27T13:43:43Z
Runa Sandvik

One user in Mexico reported that he is unable to connect to Tor, even with a private bridge. We have enough data to analyze the situation.
Assignee: Runa Sandvik

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6258
The Philippines are blocking Tor?
2020-06-27T13:43:43Z
Philipp Winter (phw@torproject.org)

A user mentioned in the [ethiopian blog post](https://blog.torproject.org/blog/update-censorship-ethiopia):
_two of the biggest ISP's here in the philippines blocked tor recently!_
The [statistic for directly connecting users](https://metrics.torproject.org/users.html?graph=direct-users&start=2012-03-31&end=2012-06-29&country=ph&dpi=72#direct-users) indeed shows a sudden drop in usage in the beginning of May. The [bridge usage statistic](https://metrics.torproject.org/users.html?graph=bridge-users&start=2012-03-31&end=2012-06-29&country=ph&dpi=72#bridge-users) shows a suspicious usage drop in the middle of June.
We should analyze the situation.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6246
UAE uses DPI to block Tor
2020-06-27T13:43:43Z
Runa Sandvik

The Emirates Telecommunications Corporation, also known as Etisalat, started blocking Tor using DPI on June 25 2012. It seems they are doing something similar to Ethiopia (legacy/trac#6045) and Kazakhstan (legacy/trac#6140), but we should figure out how these cases are different.
We know that:
* The three bridges in https://blog.torproject.org/blog/update-censorship-ethiopia are working. These are bridges with a patch that removes 0x0039 from SERVER_CIPHER_LIST.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6149
"Censorship-timeline" for Tor
2020-06-27T13:43:43Z
Philipp Winter (phw@torproject.org)

It was shortly discussed on #tor-dev that some sort of "censorship-timeline" for Tor would be helpful. In particular, this should provide:
* Detailed technical analyses of the censorship mechanisms in place (DPI fingerprints and manufacturers, traceroutes, ...)
* Code and data to reproduce all experiments
* Tor patches and standalone tools to evade the censorship devices
After all, this timeline should serve as a comprehensive archive for all people interested in how Tor is getting blocked. It should make it easy to answer questions such as _"What happened to Tor in country X back in Y?"_.
There are also some open questions:
* How should the data be structured? In form of a timeline? Or country based? Something else?
* What data should be published and when? Full disclosure too early in the process helps the censors.
* How should it be presented? In a wiki page or a standalone web site?

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6140
Kazakhstan uses DPI to block Tor
2020-06-27T13:43:43Z
Runa Sandvik

Two blog posts published in the beginning of March talk about Kazakhstan using DPI to block Tor. The posts say that Kazakhstan is identifying and blocking the SSL client key exchange during the setup of an SSL connection. It seems the Kazakhstan firewall finds something unique in the TLS "Server Hello" message as sent by the Tor relay or bridge and therefore blocks subsequent communications. IP address and TCP port are irrelevant to the censorship.
From legacy/trac#6045 (where we discuss Ethiopia blocking Tor based on ServerHello), we know that:
* The normal Tor Browser Bundle with a special bridge works; the bridge with the patch that causes the final hello done TLS record to be sent in a separate packet.
* The three bridges in https://blog.torproject.org/blog/update-censorship-ethiopia are also working in Kazakhstan. These are bridges with a patch that removes 0x0039 from SERVER_CIPHER_LIST.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/6045
Ethiopia blocks Tor based on ServerHello
2020-06-27T13:43:43Z
George Kadianakis

Ethiopia is blocking Tor by DPIing the ServerHello TLS record. We
found out that changing the ciphersuite selected (from the default
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA (0x0039)) bypasses the censorship.
This is a ticket to see how we can handle this issue. We should also
be thinking about how legacy/trac#4744 and proposal 198 influence this.
The patch we used during tests removes 0x0039 from `SERVER_CIPHER_LIST`:
https://gitorious.org/mytor/mytor/commit/087de5215cada3320c8494fdc97b87746b45e1cb
A good short-term plan would be to set-up a few patched bridges,
update the blog post, and distribute the patched bridges to anyone who
asks for them.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/5158
in iran both obsfproxy and vidalia relays are too slow
2020-06-27T13:43:44Z
Trac

seems iran's government is blocking tor network mostly faster relays. please do something about it.
**Trac**:
**Username**: pptp9

https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40000
Gitlab Migration Milestone
2020-06-13T18:30:28Z
Trac

We're creating this ticket as a part of the Trac-to-Gitlab migration, so that each project's numbering for new tickets will start with 40001.