[tor-bugs] #20216 [Metrics/Censorship analysis]: Iran blocking of direct users, 2016-08 and 2016-09

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 23 17:17:50 UTC 2016 

#20216: Iran blocking of direct users, 2016-08 and 2016-09
-----------------------------------------+---------------------
 Reporter:  dcf                          |          Owner:
     Type:  defect                       |         Status:  new
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  censorship block             |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+---------------------

Comment (by dcf):

 Replying to [comment:8 joss]:
 > The drop in ofs3 usage corresponds to a small decrease in the baseline
 number, but doesn't really change that much. I'm more interested in why
 the obsf4 spike was so short-lived. It looks like a clear response to the
 massive drop in direct usage, but doesn't last when direct usage falls to
 almost zero after that small recovery.

 My guess is it went like this:
   Iran blocks direct → users switch to obfs4 → change in bridge authority
 means a fraction of obfs4 bridges stop reporting → apparent but not actual
 end of obfs4 spike.

 When the bridge authority changed, [https://lists.torproject.org/pipermail
 /metrics-team/2016-September/000217.html 5/5 default obfs3 bridges stopped
 reporting, while only 3/16 default obfs4 bridges stopped reporting]. That
 may be why obfs3 crashed almost to zero while obfs4 just seemed to retard
 an upward trend.

 > I wonder if this is some kind of doubled event. An initial block on
 direct usage, followed by a minor relaxation in which the direct usage
 climbed again while bridge usage fell, followed by a second block.
 > If I were speculating wildly, it almost looks like a new group of people
 tried bridges after an initial block, then didn't need them when direct
 connections became partially possible again, then didn't try bridges again
 when the block came back.

 My guess is that the first block was a naive one, simply blocking the IPs
 in some snapshot consensus. What looks like a relaxation of blocking is
 just natural churn in relays bringing new, unblocked entry nodes online.
 The second block looks like a continually updated blocklist, updated
 hourly or something.

 > Do we have an AS-level breakdown of connections? Could this be some kind
 of per-network issue?

 No, there's not AS-level breakdown. The stats get aggregated to the
 country level at the bridge, as I understand it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20216#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list