[tbb-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 24 22:55:26 UTC 2016
#18361: Issues with corporate censorship and mass surveillance
------------------------------------------+--------------------------
Reporter: ioerror | Owner: tbb-team
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: security, privacy, anonymity | Actual Points:
Parent ID: | Points:
Sponsor: |
------------------------------------------+--------------------------
Comment (by torhp):
I looked into the project honey pot data and I don't find it to be very
supportive of the "Tor is a source of abuse" hypothesis. Certainly not in
the sense that it can be used to justify blocking Tor users.
So I looked at the list of XFF proxies someone linked to above and
coincidentally I found Singapore's number one ISP near the top of the list
which piqued my curiosity.
I used to live in Singapore and at that time I was using Tor pretty much
daily. I can tell you that as a residential clearnet internet user, I
don't remember once coming across the cloudflare captcha problem. As a
Tor users of course I did get locked out of websites by cloudflare though,
so comparing honeypot numbers for Tor versus Singapore ISP's NAT hardware
is interesting to me. Let's get down to it.
First of all, the ISP alluded to above is Singtel, but I was actually a
customer of Starhub (Singapore's number 2 ISP), but I found them in the
honeypot data too and checked their scores. Their two listed IPs have
threat scores of 40 and 26.
Two IP addresses isn't a huge amount though, so I checked out a couple
more - I found an IP listed as being the outbound proxy for Vietnam's
state owned ISP. They only have one IP listed so it may be a single
carrier grade NAT device for the whole country - Vietnam I believe has a
national firewall so that seems possible. Their score was 57. I checked
one more IP which was one belonging to an ISP in Thailand. Its score was
30.
I then pseudo randomly selected (scroll, point and click) four Tor fast
exit nodes from torstatus.blutmagie.de Their scores were 50, 42, 40 & 41.
To summarise:
Starhub 1(Singapore): 40
Starhub 2(Singapore): 26
Vietnam: 57
Thailand: 30
Tor Fast Exit 1: 50
Tor Fast Exit 2: 42
Tor Fast Exit 3: 40
Tor Fast Exit 4: 41
Limited samples not withstanding, the results are pretty interesting.
Vietnam which apparently has one public IP address for the whole country
has a worse threat score than the Tor exits. Is anyone under the
impression that Cloudflare breaks the internet for the whole of Vietnam in
the same way they do for Tor users? It is news to me if so. The other
inference is that public shared IP addresses are prone to having high
threat scores in general, which seems obvious.
I would like to get greater clarity from Cloudflare on how they interpret
these threat numbers, and they have done a good job of engaging so far so
hopefully we might get something. We have heard that Tor is not singled
out specifically, but rather that it is treated as a source of abuse as
per these threat scores. So how? If a whole country is behind a carrier
grade NAT with a higher threat score than typical Tor exit nodes, is that
country being treated as a threat / abuse source similar to Tor? Do they
get unsolvable Captchas with a similar frequency as Tor users? What else
feeds into this heuristic?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:141>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list