[tor-mirrors] Testing cloudflare on a mirror of tor's website
David Fifield
david at bamsoftware.com
Sun Oct 19 00:54:50 UTC 2014
On Sat, Sep 13, 2014 at 11:00:25PM -0700, David Fifield wrote:
> On Tue, Sep 09, 2014 at 09:05:21PM -0400, Andrew Lewman wrote:
> > Unless some company/country are going to block all of cloudflare or a
> > CDN, our mirrors can still be reachable. This is the same idea that
> > David Fifeld is counting on with the meek transport using Google App
> > Engine. Blocking all of Google seems a huge cost vs the gain of stopping
> > some tor users.
>
> On that note, it's worth looking at what GreatFire.org is doing for
> some of their mirror sites: https://github.com/greatfire/wiki.
>
> Here is one of the URLs:
> https://a248.e.akamai.net/f/1/1/1/dci.download.akamai.com/35985/159415/1/f/
> This URL is from an Akamai reseller, http://cachesimple.com/, who have a
> plan starting at $50/month. The long URL is an explicit form of what
> normally happens implicitly through SNI at the Akamai CDN (see page 5 of
> https://research.microsoft.com/en-us/um/people/ratul/akamai/freeflow.pdf
> for Akamai URL structure). The important thing is that all the blockable
> content is encrypted in the path component. The censor only gets to see
> the domain name a248.e.akamai.net, which is some kind of magic Akamai
> HTTPS domain that's used for tons of stuff. I think a mirror like this
> would be very hard to block.
I found out that the a248.e.akamai.net domain name is DNS-poisoned in
China, since late September 2014.
https://en.greatfire.org/https/a248.e.akamai.net
(Click on one of the calendar dates to see details.)
Their wiki page https://github.com/greatfire/wiki replaced Akamai with
Level 3:
https://secure.footprint.net/pingfan/fw
David Fifield
More information about the tor-mirrors
mailing list