[tor-bugs] #18361 [Tor Browser]: Issues with corporate censorship and mass surveillance

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 24 22:55:26 UTC 2016

#18361: Issues with corporate censorship and mass surveillance
 Reporter:  ioerror                       |          Owner:  tbb-team
     Type:  enhancement                   |         Status:  new
 Priority:  High                          |      Milestone:
Component:  Tor Browser                   |        Version:
 Severity:  Critical                      |     Resolution:
 Keywords:  security, privacy, anonymity  |  Actual Points:
Parent ID:                                |         Points:
  Sponsor:                                |

Comment (by torhp):

 I looked into the project honey pot data and I don't find it to be very
 supportive of the "Tor is a source of abuse" hypothesis.  Certainly not in
 the sense that it can be used to justify blocking Tor users.

 So I looked at the list of XFF proxies someone linked to above and
 coincidentally I found Singapore's number one ISP near the top of the list
 which piqued my curiosity.

 I used to live in Singapore and at that time I was using Tor pretty much
 daily.  I can tell you that as a residential clearnet internet user, I
 don't remember once coming across the cloudflare captcha problem.  As a
 Tor users of course I did get locked out of websites by cloudflare though,
 so comparing honeypot numbers for Tor versus Singapore ISP's NAT hardware
 is interesting to me.  Let's get down to it.

 First of all, the ISP alluded to above is Singtel, but I was actually a
 customer of Starhub (Singapore's number 2 ISP), but I found them in the
 honeypot data too and checked their scores.  Their two listed IPs have
 threat scores of 40 and 26.

 Two IP addresses isn't a huge amount though, so I checked out a couple
 more - I found an IP listed as being the outbound proxy for Vietnam's
 state owned ISP.  They only have one IP listed so it may be a single
 carrier grade NAT device for the whole country - Vietnam I believe has a
 national firewall so that seems possible.  Their score was 57.  I checked
 one more IP which was one belonging to an ISP in Thailand.   Its score was

 I then pseudo randomly selected (scroll, point and click) four Tor fast
 exit nodes from torstatus.blutmagie.de  Their scores were 50, 42, 40 & 41.

 To summarise:

 Starhub 1(Singapore): 40
 Starhub 2(Singapore): 26
 Vietnam: 57
 Thailand: 30

 Tor Fast Exit 1: 50
 Tor Fast Exit 2: 42
 Tor Fast Exit 3: 40
 Tor Fast Exit 4: 41

 Limited samples not withstanding, the results are pretty interesting.
 Vietnam which apparently has one public IP address for the whole country
 has a worse threat score than the Tor exits.  Is anyone under the
 impression that Cloudflare breaks the internet for the whole of Vietnam in
 the same way they do for Tor users?  It is news to me if so.  The other
 inference is that public shared IP addresses are prone to having high
 threat scores in general, which seems obvious.

 I would like to get greater clarity from Cloudflare on how they interpret
 these threat numbers, and they have done a good job of engaging so far so
 hopefully we might get something.  We have heard that Tor is not singled
 out specifically, but rather that it is treated as a source of abuse as
 per these threat scores.  So how?  If a whole country is behind a carrier
 grade NAT with a higher threat score than typical Tor exit nodes, is that
 country being treated as a threat / abuse source similar to Tor?  Do they
 get unsolvable Captchas with a similar frequency as Tor users?  What else
 feeds into this heuristic?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18361#comment:141>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list