[tor-relays] Comcast blocks ALL traffic with tor relays

tor admin j_tor at wilkensteen.org
Mon Jun 12 15:25:57 UTC 2023 

If we could get EFF to announce a boycott of any corporation known to 
act maliciously against Tor or other privacy-friendly technology (such 
as VPNs), that would go a long way.

I will also write to EFF.  I have donated money to them, so maybe they 
will listen.  If they won't support a boycott directly, maybe at least 
they will comment on the issue publicly, and that would help launch a 
boycott.

If will also help to get an official communication from Comcast saying 
they are blocking Tor.  If they won't admit this, it makes it that much 
harder to fight.  I can't do this as I'm not a Comcast customer.  Are 
there any Comcast customers that can get a Comcast rep to admit, in 
writing, that this is happening?






On 6/12/23 10:50, s7r wrote:
> xmrk2 via tor-relays wrote:
>> Any ideas on how to combat this? I was thinking about including some 
>> false positives in tor relay list. Imagine including some Google 
>> servers' IP addresses - Comcast customers suddenly cannot connect to 
>> Google, unless Comcast stops this blocking... or simply whitelists 
>> Google. But those false positives sound ugly and a bit malicious, not 
>> sure it is a good idea.
>>
>
> This sucks big time, if true. I am trying to ping Comcast from a 
> middle relay IP address and it seams, to work, I guess you mean 
> AS33651 - Comcast Cable LLC. Anyway, it could be, at latest consensus 
> there is no single relay (middle or exit) hosted in AS33651.
>
> I am not sure about the false positive solution, I see only downsides, 
> including but not limited to:
>
> - it's not ethical for Tor Project to do this, e.g. stating another 
> company's infrastructure (say Google IP address space) is part of a 
> network when in fact its not. I get it that the goal is privacy 
> oriented and in good faith (freedom faith) but it seams rather 
> inappropriate;
>
> - there is no evidence that a blocker might use a list of relays 
> provided by Tor Project's metrics portal (I am confident nobody does 
> it because it's less effective) - they can just run a Tor client and 
> get a copy of a consensus and extract from there IP:PORT IPv6:PORT and 
> do from there whatever they please;
>
> - if you include such false positives in the consensus you have to 
> simulate dummy Tor relays on those "hot" IP addresses, like providing 
> an onion key, RSA identity and ed25519 identity, thus looking like a 
> relay, state some bandwidth for it, etc - in this case how will a Tor 
> client know which relay is dummy and which not, in order not to try to 
> establish circuits that fail, ultimately producing a terrible user 
> experience for all users. Same applies for other relays, not just 
> clients, that need to produce connections with the dummy relays. If we 
> somehow mark them as "dummy", it will be pretty stupid and obvious and 
> waste of effort as the blocker can simply understand the "dummy" 
> marker and it's done, I guess it's pretty obvious.
>
>> I already wrote about this publicly, and also wrote a mail to EFF. 
>> Hope I am not spamming, I feel this is quite important issue and am a 
>> bit frustrated by the lack of attention it gets.
>>
>
> Not at all, this is very interesting and not spamming at all. I think 
> it is unacceptable for this to happen, and I think all Comcast 
> customers should quit if this is true - large internet corporations 
> are trying to move on from "IP address identifications" as in only a 
> beginner that discovered the internet one week ago still thinks of the 
> IP address as "identification of a certain individual / entity", 
> everybody is moving to advanced layers of authentication on per device 
> basis, cryptographic public key, etc. Comcast if they do such a thing 
> they set themselves 25 years behind the industry they operate in. And 
> this can create many unwanted effects, someone should try to do 
> something about this but I am not sure what we Tor volunteers *can* do 
> to help with this, especially the ones that are not Comcast customers. 
> EFF is the best start IMO.
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list