censorship-analysis issues
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues
2022-12-13T17:04:40Z

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40037
Censorship analysis idea for Coverage of Attention List UDP Traffic Censorship in Iran
2022-12-13T17:04:40Z
shelikhoo

Based on the [previous](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40036) research, Iran has a 3 level censorship for UDP traffic. However, we are still in the dark about how widespread this kind of censorship is.
Here is the idea about this experiment:

1. traceroute to a host with udp packet to determine hops to reach the remote host
2. send a non-censored udp packet at reachable ttl - 1 and see if there is an icmp ttl exhausted response
3. send a censored udp packet at reachable ttl - 1 from the same source port to the same destination port and see if there is an icmp ttl exhausted response
4. send a non-censored udp packet at reachable ttl - 1 from the same source port to the same destination port and see if there is an icmp ttl exhausted response
5. repeat this process a few times for each host and repeat for every host on internet

if the remote is impacted by complete udp block, then

1. icmp ping at step 1 would work
2. steps 2, 3, 4 do not receive an icmp reply

if the remote is impacted by partial udp block, then

1. icmp ping at step 1 would work
2. step 2 receives an icmp reply
3. steps 3, 4 do not receive an icmp reply

if the remote is not impacted by udp block, then

1. icmp ping at step 1 would work
2. steps 2, 3, 4 receive an icmp reply

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035
Brainstorm and analyze heuristics to guess that a bridge might be offline or blocked
2024-02-22T21:57:07Z
Roger Dingledine

In the upcoming "subscription model" plan (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/42), we envision several use cases. Here are the first three:
* (1) bridge moves to a new IP address
* (2) bridge goes offline
* (3) bridge gets blocked
Case 1 is the easiest, since if the bridge is at a new IP address, we know this because we have a newer bridge descriptor for it. So if a client comes asking for a replacement, we just give them a new bridge line based on this new bridge descriptor.
For case 2, we want to give users a deterministic replacement -- but only if the bridge is actually offline. So we need some scanning mechanism to discover and/or verify which bridges have gone offline, and it should learn an answer quickly enough to be relevant for the subscription model style replacement.
For case 3, we also want to give users a deterministic replacement, but it has to come from the "dynamic bridge pool" subset, and also we only want to offer a replacement if we believe the bridge is actually blocked. Case 3 is also fun because we don't want to test a given bridge from in-country until we hit a threshold of suspicion that it is blocked.
This umbrella ticket aims to collect ideas for (a) what information sources we can use to decide that a given bridge is worth testing now, and (b) think about architectures for active scanning that go well with these three use cases plus the information sources from 'a'.
Potential data sources:
- Usage metrics (https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/112)
- Client reports
- Reported by tor process (https://gitlab.torproject.org/tpo/core/arti/-/issues/717)
- Reported by Tor Browser
- Measurement probes
- Indirect, external scanning (e.g., spooky scan, censored planet)
- Scans from within the censored region (e.g., OONI, our own censorship probe)
Consumers of this information:
- Subscription model for bridge distribution (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/42)
- Reputation-based bridge distribution (https://gitlab.torproject.org/tpo/anti-censorship/lox/lox-overview/-/issues/5)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40032
RFC: Bridge obfuscated as RDP
2022-07-06T14:58:46Z
wild_one

Hi folks,
I've had this idea of implementing a bridge that appears to be an ordinary (Microsoft/xrdp) server on the outside, but only accepts NLA and then sets up a channel for bridging Tor traffic.
I don't know enough about RDP to try and implement it myself, but I feel like this, if done properly, could be a really useful solution, since blocking RDP is prohibitively expensive in our current age of remote work.
What do you think?

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40031
[Uzbekistan] Number of meek users goes to zero, 2022-05-12
2023-01-26T13:54:32Z
David Fifield <dcf@torproject.org>

It looks like the number of meek users in Uzbekistan suddenly dropped from about 150 to 0 on 2022-05-12. Other transports and relay users appear to be unaffected.
https://metrics.torproject.org/userstats-relay-country.html?start=2021-12-01&end=2022-06-01&country=uz
![userstats-relay-country-uz-2021-12-01-2022-06-01-off](/uploads/78652074b7398a1658055377dcdbc245/userstats-relay-country-uz-2021-12-01-2022-06-01-off.png)
https://metrics.torproject.org/userstats-bridge-combined.html?start=2021-12-01&end=2022-06-01&country=uz
![userstats-bridge-combined-uz-2021-12-01-2022-06-01](/uploads/2990c2c7a6fa90f09ca6e1f83c51af67/userstats-bridge-combined-uz-2021-12-01-2022-06-01.png)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40024
Blocking of Snowflake in Turkmenistan, 2021-10-24
2024-02-26T15:39:12Z
David Fifield <dcf@torproject.org>

On 2021-10-24, the number of Snowflake users in Turkmenistan dropped from 20–30 to almost zero:
[![userstats-bridge-combined-tm-2021-08-01-2021-12-16](/uploads/72fa4c798ac397813e2865642b90a7a6/userstats-bridge-combined-tm-2021-08-01-2021-12-16.png)](https://metrics.torproject.org/userstats-bridge-combined.html?start=2021-08-01&end=2021-12-16&country=tm)
Previously discussed at:
* https://gitlab.torproject.org/tpo/community/support/-/issues/40030#note_2759213
* http://meetbot.debian.net/tor-meeting/2021/tor-meeting.2021-11-04-15.59.log.html#l-55
```
16:19:56 <anadahz> Confused about the meek client metrics in Turkmenistan -- https://metrics.torproject.org/userstats-bridge-combined.png?start=2021-08-02&end=2021-11-04&country=tm
16:20:39 <anadahz> How come and there are so many meek clients in Turkmenistan?
16:20:54 <dcf1> Here is a graph with some more context
16:20:56 <dcf1> https://people.torproject.org/~dcf/metrics-country.html?start=2021-08-01&end=2021-11-05&country=tm
16:21:00 <meskio> does it look like related to snowflake going down?
16:21:13 <dcf1> however zoom out a bit to get even *more* context (esp. wrt relay users)
16:21:15 <dcf1> https://people.torproject.org/~dcf/metrics-country.html?start=2021-07-01&end=2021-11-05&country=tm
16:21:23 <cohosh> related info on tor blocking in TM: https://gitlab.torproject.org/tpo/community/support/-/issues/40030
16:22:10 <dcf1> to me it looks like OR and meek were rising simultaneously, then snowflake and OR got blocked.
16:22:33 <cohosh> wow
16:22:49 <meskio> blocked? or our failure with probetest?
16:23:45 <dcf1> but snowflake users globally did not go to zero in the same way https://metrics.torproject.org/userstats-bridge-transport.html?start=2021-08-06&end=2021-11-04&transport=snowflake
16:24:05 <anadahz> On 2021-10-31 the amount of meek clients count were almost spike to 1,5 times than before.
16:24:05 <meskio> I see what you mean :(
16:24:09 <cohosh> yeah this looks suspiciously close to zero
```
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40029
[Turkmenistan] Number of directly connecting users is going down
2024-03-05T18:48:39Z
Gus

The current number of Tor users in TM has been going down since July 2021. I'm creating this ticket to investigate what's happening and ask volunteers to run emma.
![Screenshot_2021-08-10_Users___Tor_Metrics](/uploads/84cb05ae72314320d73bad184aeb15f4/Screenshot_2021-08-10_Users___Tor_Metrics.png)
https://metrics.torproject.org/userstats-relay-country.html?start=2021-05-12&end=2021-08-10&country=tm&events=off
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40022
bridgetest: make output format more robust
2022-03-01T15:57:24Z
Roger Dingledine

Here's the preliminary data format for the logs that come out of the bridgetest docker image: <br>
https://gitlab.torproject.org/cohosh/probetest#data-format
and there are some scripts like <br>
https://gitlab.torproject.org/cohosh/probetest/-/blob/main/analysis/makecsv <br>
that help to generate the csv format.
We should look through peer formats, like OONI's data format and censored planet, and get ideas for what else we'll wish we'd included.
For example:
* timestamp of when the test happened (perhaps rounded to something granular)
* which version of the test generated this entry
* more detail about the test target, e.g. the hashed fingerprint of the bridge that we tested.
* time spent from start of test until result (I realized this one after looking at the various aborted tests from China, where if we knew how long the successful tests took, and found that they were already bumping up against our timeout, that would be useful to know.)
* (maybe, I'm not sure, we should ask others for advice) All of the stuff that's implicit in the filename and directory structure, so it's in the file too -- which country we're testing from, AS we map to, the name of the test, etc.
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40020
probetest: automate graphing the results
2023-03-31T17:42:15Z
Roger Dingledine

Cohosh made some manual graphs showing some of the data points coming out of the bridgetest docker image. That's great but I bet it will be no fun to do new manual graphs every time.
One of Shadow's huge features is that part of running a Shadow experiment is that it writes out a many-page pdf with automatic snazzy graphs of cdfs of bandwidth, latency, all the rest. So, check out how Shadow does its thing.
Especially if we end up wanting to do more involved logic, like the "don't show any results for bridges that Canada couldn't reach" idea from #40019, we're going to want this "output analysis" step to be automated and repeatable.
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40019
Now that we have a docker-based probe test, figure out how to keep bridges up to date
2024-02-27T19:03:51Z
Cecylia Bocovich

We've got our docker-based tests and are starting to collect measurements from different vantage points. We've been baking obfs4 bridges into the docker image, but how do we keep this image up to date? My current plan has been to check the probes from the Canada vantage point every week and replace a bridge if probes from Canada fail for more than 2-3 days in a row. Is there a way to do this more dynamically? Do we run our own bridges?

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40016
Drop in bridge users in Myanmar
2022-11-27T22:36:00Z
Cecylia Bocovich

There was a sudden drop in bridge users in Myanmar in late February that does not correspond with a rise in relay users:
![userstats-bridge-country-mm-2021-02-01-2021-05-06](/uploads/0b04823b21412b5b693bd71217248740/userstats-bridge-country-mm-2021-02-01-2021-05-06.png)
![userstats-relay-country-mm-2021-02-06-2021-05-07-off](/uploads/6a3c1f7168101df7148ef58c2f5ebde5/userstats-relay-country-mm-2021-02-06-2021-05-07-off.png)
Not sure if this is due to Tor blocking since OONI is still showing no anomalies in Myanmar.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40015
Check the reachability of our fallback directories
2022-03-01T15:57:23Z
Cecylia Bocovich

After a recent conversation with OONI, we realized that, while OONI tests our directory authorities as part of the tor test, they do not check our [fallback directories](https://github.com/torproject/tor/commits/master/src/app/config/fallback_dirs.inc) and the data from these tests alone is not enough to determine whether or not a (new) user can connect directly to Tor.
I talked to Arturo about this and while OONI used to test these, they no longer do. When they tried to add the test recently it made the tor tests take too long and so these new targets aren't likely to be added to the app any time soon. However, they could be a candidate for the command-line only version of OONI.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40014
Add a script to process OONI tor test data using the OONI API
2022-03-01T15:57:23Z
Cecylia Bocovich

OONI publishes tor test data on the reachability of our default bridges and directory authorities as a part of their tor test suite. This data is available through the OONI API.
A request like https://api.ooni.io/api/v1/measurements?until=2021-04-15&since=2021-04-01&probe_cc=BY&test_name=tor will return a json with measurement ids and summary information. A followup API request for individual measurement IDs such as https://ams-pg.ooni.org/api/v1/raw_measurement?report_id=20210414T221337Z_tor_BY_42772_n1_LfXbFf0lY7tjmRKm will return more fine-grained information.
There are a few gotchas with interacting with the APIs and the OONI data:
- requests that take too long will return a 500 error. In this case, a request for a shorter time duration is needed.
- anomalies are not necessarily due to censorship events and there is a lot of noise due to variations in connection success and quality
In aggregate, this data is useful for seeing how blocking events vary across ASes and correlates with our default bridge metrics. For example:
![ooni-default-bridge-by-asn-feb](/uploads/b834af87a30657e5785225f41a281539/ooni-default-bridge-by-asn-feb.png)
![userstats-default-bridge-by-february](/uploads/d771e3fe8b1eb5d098514346e7764587/userstats-default-bridge-by-february.png)
These two plots are correlated and show that default bridges were still reachable by the major ASes in early February, that all ASes other than 6697 blocked Tor bridges later in February and that the more complete blocking in AS6697 likely contributed to the even lower user counts in March.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40013
Task 4.3 Explore the parameter space in a Salmon reputation design
2022-03-01T20:13:35Z
Gaba <gaba@torproject.org>

This step happens after https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40012
The question here is to understand better how broad or narrow is the range of workable parameters.
For example, what rates of discovery vs rates of fresh bridges should be workable and what rates should be unworkable?
(If we need more fresh bridges than we can get, that is an unworkable system.)

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40008
Task 2.2 Understand the OONI data format and constraints on OONI tests.
2023-03-31T17:39:47Z
Gaba <gaba@torproject.org>

Understand the OONI data format, and the constraints on OONI tests, to build a plan for either converting our data into the OONI data format, or adding some of our tests to the ooniprobe app, or some other smart way to integrate.
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40006
Task 2.1: Publish ongoing scan results as a public (privacy-preserving as needed) dataset, and have a web page that highlights recent data and steers researchers toward trends/questions raised by the data.
2023-03-31T17:40:33Z
Gaba <gaba@torproject.org>

Much of this data is already in the [metrics portal](https://metrics.torproject.org) (passive bridge measurements for example) but much will be new.
- [ ] Publish ongoing scan results as a public (privacy-preserving as needed) dataset.
- [ ] Have a web page that highlights recent data and steers researchers toward trends/questions raised by the data.
shelikhoo

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40005
Task 1.4: Identify set of wishlist/missing features for Tor client and pluggable transports to better assess Tor blocking
2023-03-31T17:37:15Z
Gaba <gaba@torproject.org>

Use this ongoing library of events to identify a set of wish list features for the Tor client and the various transports for how they could make scans more accurate and/or more productive.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40003
Task 1.2: Grow contacts in key regions
2022-03-01T15:57:23Z
Gaba <gaba@torproject.org>

Grow and maintain contacts in key regions who can help us interpret results when we see or hear about potential blocking events.
Key regions defined in https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40007
- [ ] find a way to track contacts and events in a private way and share it with @tpo/anti-censorship team
@gus I'm adding this ticket here as there is not really a place in @tpo/community to do it.
Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40023
Understand where gettor distribution providers are blocked
2022-11-27T22:36:00Z
Cecylia Bocovich

We should get a better understanding of where our different gettor providers are blocked. Right now we use four different providers:
- `gitlab.com`
- `github.com`
- `archive.org`
- `docs.google.com`
However, some of these domains resolve to a different URL in the process of downloading the file. For example, binaries uploaded to github used to be retrieved from `raw.githubusercontent.com` and now it redirects to `github-production-release-asset-2e65be.s3.amazonaws.com`.
Perhaps we can use OONI data to stay on track of when gettor becomes unavailable due to blocking these URLs?

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/32095
Analyse the "Carbon Reductor DPI X" DPI system
2021-07-09T14:14:25Z
Philipp Winter <phw@torproject.org>

See https://github.com/net4people/bbs/issues/15
Let's take a look at the DPI system and see what we can learn from it. Hopefully, it will help us refine our threat models.

https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/31586
New versions of Tor Browser do not work in UAE
2021-07-09T14:14:24Z
Trac

Hi,
I am using a Windows 7 laptop and have been using your browser but lately after your updates the tabs are not loading anymore. I stay in UAE and your site is blocked here therefore had to reinstall a lower version to get access to your site.
**Trac**:
**Username**: fantasy_man59@yahoo.com