Something funky is going in Iran: numbers of relay users flies off to 1M+
Activity
Woops, wrong component, my apologies.
What component did you intend? I was thinking Censorship/Censorship Analysis, but possibly this is not related to censorship.
I [[/wiki/doc/MetricsTimeline?action=diff&version=322|added an entry]] on the Metrics Timeline.
Trac:
Keywords: N/A deleted, ir added
Description: https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&country=irto
It now seems that 1/4 of the users in the Tor network are in Iran: https://metrics.torproject.org/userstats-relay-table.html?start=2019-05-30&end=2019-06-03
I looked at some relay extrainfo descriptors, to see if this is a fluke or what, and it looks like many relays are seeing not just a huge number of v3 consensus fetches from Iran, but also a huge variety of IP addresses fetching these consensus documents. So my current thought is that these really are a bunch of different Tor clients running in different places in Iran.
The shape of the growth makes me think it isn't many hundreds of thousands of people each one at a time deciding to install Tor Browser though. I wonder if Tor is now bundled in some software that many of them already had, and when it upgraded, they became Tor users? See for example how this happened in Ukraine two years ago, where the FreeU browser bundled a Tor client: legacy/trac#22369 (moved).
-
https://metrics.torproject.org/dirbytes.html makes it look like the directory load is growing with the recent pattern of Russian users, but not growing with the recent pattern of Iranian users. I wonder why that is.
I wonder how many of these are Orbot installations which were sitting on Android devices and now are suddenly connecting back to the network. Iranian users do have a habit of having all the censorship circumvention tools installed and try to see which one works everyday they pick up their phones. I asked Nathan to see if he can give us any statistics on how many active installation (through Google play store) we currently have in IR.
Google Play reports active users of Orbot in Iran has gone from 40k to about 70k in the last two months. This is a big spike, as before we would just grow a few k per month.
Iran is our legacy/trac#5 (closed) country, after Russia, India, US, and Ukraine.
Now, this is only measuring users who install Orbot from Google Play. If they are getting it from somewhere else, I don't think we can see those numbers.
Some unofficial telegram applications (e.g. Bgram) use Tor.
In the past month, several unofficial telegrams were removed by Google Play Protect service from users' devices. (E.g. talagram, hotgram, mobogram)
In the past few weeks in Iran, the speed of blocking MTProxy servers has increased. So the only remaining option for the unofficial telegram application was to integrate with Tor.
This is my guess. (Also reports from unofficial telegram builders, and reverse engineering of published files in the telegram)
Trac:
Username: xhdix-
Don't know about Iran, but for Russia this can be my Torfone (see https://habr.com/ru/post/448856/).
App: http://torfone.org/download/Torfone.apk Core: https://github.com/gegel/torfoneTrac:
Username: torfone -
@emmapeel I think that when the increase began, it was before Tor release date: https://metrics.torproject.org/userstats-relay-country.html?start=2019-05-13&end=2019-05-23&country=ir&events=off
Trac:
Username: xhdix -
So, according to a report released on May 30 from Iran Human Rights Watch, the Iranian government is supporting the development of a proxy tool, MTProto, so they can better 'manage' censorship circumvention. https://iranhumanrights.org/2019/05/why-is-the-iranian-government-aiding-the-development-of-a-censorship-circumvention-tool/
I believe that the new Tor users were previously using MTProto and then realized it's not keeping their privacy from the Iranian gov.
My evidence is a decline in 'Post Reach' on May 15, the same day Iranian Tor users began to grow: https://www.dropbox.com/s/ggin9dmkobowkve/MTProto%20Post%20Reach.png?dl=0
I don't know what specifically triggered the switch from MTP to Tor, but a significant and sustained drop of Post Reach is definitely suspicious.
You can find all the metrics here: https://tgstat.com/channel/@MTProxies
Trac:
Username: difautsch -
Also, according to a query from people, messages similar to the screenshot below were published in telegram groups. In this message, installing and using Tor is trained to work on Telegram. https://imgur.com/RqyjccN
Trac:
Username: xhdix -
Replying to difautsch:
So, according to a report released on May 30 from Iran Human Rights Watch, the Iranian government is supporting the development of a proxy tool, MTProto, so they can better 'manage' censorship circumvention. https://iranhumanrights.org/2019/05/why-is-the-iranian-government-aiding-the-development-of-a-censorship-circumvention-tool/
I believe that the new Tor users were previously using MTProto and then realized it's not keeping their privacy from the Iranian gov.
My evidence is a decline in 'Post Reach' on May 15, the same day Iranian Tor users began to grow: https://www.dropbox.com/s/ggin9dmkobowkve/MTProto%20Post%20Reach.png?dl=0From the OONI forums, Iran's internet is down. Apparently, fiber optic cables have been cut. https://twitter.com/sadjadb/status/1136646856652525568 I wonder if this related to the U.S. - Iran tensions?
I don't know what specifically triggered the switch from MTP to Tor, but a significant and sustained drop of Post Reach is definitely suspicious.
You can find all the metrics here: https://tgstat.com/channel/@MTProxies
Trac:
Username: difautsch 
Replying to difautsch:
From the OONI forums, Iran's internet is down. Apparently, fiber optic cables have been cut. https://twitter.com/sadjadb/status/1136646856652525568 I wonder if this related to the U.S. - Iran tensions?
The tweet is from June 6. According to IODA, it looks like there was indeed a noticeable drop in connectivity but it affected less than 5% of the address space that Iran announces over BGP:
-
Two more data points here:
(A) I am coming to believe that our user count numbers are based on counting requests, not on counting successful deliveries of the consensus. So if a client gets far enough through the process to request a consensus, but then has their connection cut, (1) we will count them as a user, and (2) they will come back somewhere else soon after to retry, and we'll count that next one as a new user. I am beginning to suspect that's a factor in what's happening here. But that still doesn't explain why the number keeps going up -- it's not like clients start asking more and more frequently as they fail more often.
(B) We do have a count of successful consensus deliveries, vs delivery attempts that time out. Dir mirrors can't tell whether the client receives all the bytes, but because the consensus takes more than one stream window worth of cells to deliver, the dir mirrors can tell that all but the last stream window (250KB) of cells were acknowledged by the client. But, with the advent of consensus diffs, the entire diff fits within a single stream window, so every time a client asks for a diff, we're going to count that delivery as a success, even if no bytes actually make it to the client.
(B') And while we're on that topic, there actually is a way to learn whether the client received the last part -- see the concern in https://trac.torproject.org/projects/tor/ticket/30926#comment:3 where we get a stream-level sendme for an unknown streamid. That happens when we've finished sending all of the consensus bytes, and then we send the end cell, and then we close the stream on our side, and we get a sendme with an unknown streamid because we've already forgotten about the stream. But all of the data is there for us to be able to confirm that the client has received (nearly all of) the bytes, if we want to.
We should probably make a bunch of tickets out of these various bugs and feature ideas, but I wanted to get them written up somewhere first.
-
Many users report that they can not connect directly to Tor. Connections with Bridge also have problems for them. (Connected but not stable)
There is a problem with handshake in SSL / TLS communication that the time of occurrence of the problem is different in each city and ISP.
logs: https://paste.ubuntu.com/p/jrNQGhqBTx/
Trac:
Username: xhdix -
Only servers that are listed in metrics.torproject.org have problems. Even middle-relays On the first day, from Iran, I could get the authority file from my middle-relay server, but attempting to connect SSH and HTTPS to my server received a timeout error in the handshake.
Fall down:
Trac:
Username: xhdix -
I can tell people to use the bridge, but there are two problems:
1- The orbot app has not yet released its new update: https://bugs.torproject.org/30870
2- This solution will be very difficult: https://github.com/termux/termux-packages/issues/3198 Is there a better solution for installing via termux?
Trac:
Username: xhdix
