[tor-bugs] #20348 [Metrics/Censorship analysis]: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf. cyberoam assists bloody dictatorships.

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 28 23:02:18 UTC 2016 

#20348: kz no need tor, tor no need kz, if anybody want they can to use ultrasurf.
cyberoam assists bloody dictatorships.
-----------------------------------------+-------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  closed
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:  invalid
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+-------------------------

Comment (by dcf):

 Replying to [comment:91 cypherpunks]:
 > > There could be another cause: for example suppose all the DPI boxes
 count connections to each IP address and upload the logs to a central
 place, then the firewalls only apply their timing/entropy heuristics to
 popular destinations. It wouldn't surprise me if a firewall vendor were
 uploading customer connection logs in order to do data mining on them.
 >
 > They no need to send it to central place, box can to count connections
 locally to skip all new addr:port. But then why need to count entropy
 every time for already known addr:port? Why so complex?

 The reason I mentioned sending logs to a central place is that the tor-
 talk commenter said that for them, too, well-used bridges were detected
 and unused bridges were not detected. I assumed that they did not have a
 lot of other users behind the firewall that were increasing connection
 counts for the default bridges, but I could be wrong about that
 assumption.
 https://lists.torproject.org/pipermail/tor-talk/2016-November/042592.html

 It might be just a blacklist that all firewalls share. Even then, I can't
 explain why they would seemingly be checking entropy and doing a lot of
 work, rather than just blocking the endpoints.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:100>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list