
Can someone else running a relay from their home connection confirm that they get an 'Access denied' error from http://www.nhs.uk? I've checked with someone using the same ISP in the flat above me and they seem able to access the site just fine, as can I via mobile internet so I'm down to suspecting that they are blocking all Tor relay IPs. This is the exact error I get: Access DeniedYou don't have permission to access "http://www.nhs.uk/" on this server. Reference #18.1f7f1002.1397514736.1fe2170c The reference seems to change each time I visit. If this does turn out to be them blocking Tor - advice on how to approach contacting them to resolve this would be appreciated. Thanks, Chris -- *Dr Chris Whittleston 栗主* Department of Chemistry University of Cambridge Lensfield Road, Cambridge, CB2 1EW Email: csw34@cam.ac.uk Tel: +44 (0)1223 336423

Chris Whittleston <csw34@cam.ac.uk> wrote:
I closed the tab without noting the Reference #, so I can't comment, but yes, it did deny access. My relay is MYCROFTsOtherChild, and it and I are in Illinois. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *or* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************

Right - so this seems to confirm that they are indeed blocking Tor - and not just exits - I'm running a middle relay. I've contacted them via a web form asking why they block all Tor relay IPs. Tips on what I should tell then if/when they get back to me tomorrow? Was currently planning on at least explaining the difference between middle and exit relays. Chris On 15 April 2014 00:50, Pepijn Le Heux <pepijn@leheux.com> wrote:
-- *Dr Chris Whittleston 栗主* Department of Chemistry University of Cambridge Lensfield Road, Cambridge, CB2 1EW Email: csw34@cam.ac.uk Tel: +44 (0)1223 336423

On Tue, Apr 15, 2014, at 01:03 AM, Chris Whittleston wrote:
They are also blocking Hidemyass.com GD -- http://www.fastmail.fm - Same, same, but different...

Chris Whittleston wrote:
I am running both my relay, OnionTorte, and a vanilla machine from a home connection. Both get denied access, and the Ref# changes w/ each visit. HTH, P -- Dirt kicked to the curb goes into the gutter. Professionals kicked to the curb go into retail.

On Mon, 14 Apr 2014 23:37:35 +0100 Chris Whittleston <csw34@cam.ac.uk> allegedly wrote:
Confirmed. My (non-exit) relay in Amsterdam is blocked. Another (non-tor) server in Amsterdam is not blocked, nor are my non-tor servers in the UK, SanFrancisco or NYC blocked. As for getting this changed, that may be difficult. You could try contacting the site through the page at: http://www.nhs.uk/aboutNHSChoices/Pages/ContactUs.aspx and selecting the "I have experienced a problem accessing or using the website or some part of it" radio button and then commenting. You could contact the NHS at the (postal) address below. You could contact the DoH (Charles Massey) https://www.gov.uk/government/people/charlie-massey As evidence in favour of Tor's value, you could point to the "who uses Tor" page at https://www.torproject.org/about/torusers.html.en. You could usefully explain the obvious value of anonymity in browsing health related sites. And, since you appear to be in Cambridge, you could look for some support (and possible advice) from Ross Anderson (http://www.cl.cam.ac.uk/~rja14/). You can bet that Ross uses Tor, and he almost certainly has experience in dealing with awkward parts of HMG. Best Mick ------------------------------------- NHS address NHS Connecting for Health Informatics Directorate Department of Health Princes Exchange Princes Square Leeds West Yorkshire LS1 4HY --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------

Thanks for all that Mick - I have already contacted them via that form and received an initial response (pasted below) which isn't that encouraging. I suspect the biggest challenge with this is going to be getting access to the people who have influence or power to make a change. I've contacted Ross also so we'll see if he has any insight or advice. Here is their reply: ------------------------------------------------------------- Dear Chris, Thank you for contacting the NHS Choices Service desk Unfortunately the issue you have raised seem to be to with your internet connection as you are running a Tor middle relay. We are unable aid you on this issue as no we have not has any reports of issue with connecting to the site. If we have blocked Tor, it will be due to security reasons. Kind Regards, Kalpesh The NHS Choices Service Desk ------------------------------------------------------------- I think the next step will be to find out if they can direct me to the person who made the decision to block public Tor IPs in the first place, or the policy/IT team who implemented it. I'll update when I have more. Chris On 15 April 2014 14:46, mick <mbm@rlogin.net> wrote:
-- *Dr Chris Whittleston 栗主* Department of Chemistry University of Cambridge Lensfield Road, Cambridge, CB2 1EW Email: csw34@cam.ac.uk Tel: +44 (0)1223 336423

Hello Chris! I run an internal relay in Austria https://torstatus.blutmagie.de/router_detail.php?FP=19eb1397aa60f3fb8bd0995b... and checked http://www.nhs.uk from my original IP. It worked, I accessed the site. Best regards Anton -- no.thing_to-hide at cryptopathie dot eu 0x30C3CDF0, RSA 2048, 24 Mar 2014 0FF8 A811 8857 1B7E 195B 649E CC26 E1A5 30C3 CDF0 Bitmessage (no metadata): BM-2cXixKZaqzJmTfz6ojiyLzmKg2JbzDnApC On 15/04/14 18:57, Chris Whittleston wrote:

On Tue, 15 Apr 2014 21:24:00 +0200 no.thing_to-hide@cryptopathie.eu allegedly wrote:
That's interesting. From the DNS responses I get from various places it looks as if the NHS site is run on the Akamai CDN. So it may be that (some of) the Akamai servers are blocking Tor. Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------

Is there a legal basis for suing government or other agencies with a public service mandate that persistently block traffic from ip addresses of *non-exit* relays? Is the list of the non-exits easy to obtain by non-tor users and why? I understand and support publishing *exit* ip addresses, that is not what i am questioning here. On Tue, Apr 15, 2014 at 3:37 PM, mick <mbm@rlogin.net> wrote:

On Mon, 14 Apr 2014 23:37:35 +0000, Chris Whittleston wrote: ...
Access DeniedYou don't have permission to access "http://www.nhs.uk/" on this server.
I could access them this morning via tor (unfortunately I can't tell which exit was used). May well be just not-yet-blacklisted. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800

On Mon, 14 Apr 2014 23:37:35 +0100 Chris Whittleston <csw34@cam.ac.uk> wrote:
Rather than going back and forth with "nope blocked for me", "oh works for me" useless junk, did it not occur to anyone to run a simple console command?... $ host www.nhs.uk www.nhs.uk is an alias for san.nhs.uk.edgekey.net. san.nhs.uk.edgekey.net is an alias for e9134.ksd.akamaiedge.net. e9134.ksd.akamaiedge.net has address 2.19.223.45 And Akamai blocking Tor is very old news, at least from back in September 2013: https://lists.torproject.org/pipermail/tor-talk/2013-September/030026.html So that's whom you (also) should be pestering about this, not (just) the clueless support drones at NHS. -- With respect, Roman
participants (10)
-
Andreas Krey
-
Chris Whittleston
-
Geoff Down
-
krishna e bera
-
mick
-
no.thing_to-hide@cryptopathie.eu
-
Pepijn Le Heux
-
Roman Mamedov
-
Scott Bennett
-
Tor Relay