[tor-project] Proxy Blocking Latency (preprint)

[David Fifield]

Lynn Tsai and I, with the help of others, have been measuring how long
it takes for Tor Browser's default bridges to be blocked.

https://arxiv.org/abs/1605.08808 (click "PDF")

Abstract:
	Censors of the Internet must continually discover and block new
	circumvention proxy servers. We seek to understand the pace of
	this process, specifically, the length of the delay between when
	a proxy becomes potentially discoverable and when the censor
	blocks it. We measure this delay by testing the reachability of
	previously unseen Tor bridges, before and after their
	introduction into Tor Browser, from sites in the U.S., China,
	and Iran, over a period of five months. We find that China's
	national firewall blocks these new bridges, but only after a
	varying delay of between 2 and 18 days, and that blocking occurs
	only after a user-ready software release, despite bridges being
	available earlier in source code. While the firewall notices new
	bridges in Tor Browser, bridges that appear only in Orbot, a
	version of Tor for mobile devices, remain unblocked. This work
	highlights the fact that censors can behave in unintuitive ways,
	which presents difficulties for threat modeling but also
	opportunities for evasion.

The best summaries are on pages 4 and 5, which show in graphical/tabular
form the dates of releases and how long the bridges remained reachable
after. We would appreciate any comments or corrections. In particular,
the description of the Tor Browser release process could stand some
fact-checking by a Tor Browser developer.