The user count on the snowflake-01 bridge rose greatly in the middle of July 2025, from 20,000 to about 50,000. But the connections with geolocation look normal; the increase was caused by a lot of "??" connections; that is, connections without client IP address geolocation. I've attached a graph that shows June and July 2025. There were also some "??" in June, though fewer. The "??" appear only on the snowflake-01 bridge, not snowflake-02. What could be the cause of geolocation failures? The client geolocation comes from the client IP address, which is supposed to be forwarded by the proxy: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... "??" probably means that the bridge did not receive a forwarded client_ip. I suppose it could also be the result of a geolocation lookup failure, but that seems unlikely. Some ideas about what might be happening: * There is a population of proxies out there that does not properly forward the client IP address. * There are clients out there that are connecting directly to the bridge (i.e., as a WebSocket pluggable transport), without using a proxy. * Maybe it's a researcher doing experiments. * Maybe some kind of attempted attack. "??" connections in June 2025 were previously remarked on here: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... "??" connections in August 2024 were previously remarked on here: https://archive.torproject.org/websites/lists.torproject.org/pipermail/anti-... http://lists.torproject.org/pipermail/anti-censorship-team/attachments/20240...