[tor-relays] Comcast blocks ALL traffic with tor relays

sysop at openinternet.io sysop at openinternet.io
Mon Jun 12 17:06:20 UTC 2023 

FWIW I haven't ever experienced any issues using Tor on multiple Comcast 
residential and business lines.

I use Tor as a client daily from a Comcast residential connection and 
have never been unable to connect to directories or relays.

I also have a directory client running 24/7 on Comcast business and it 
hasn't had any Tor-related connectivity issues over the last 6+ years.

I just spun up a new /relay/ on a Comcast residential connection and 
have no issues talking to other relays and I've confirmed the ORPort is 
reachable from multiple other AS's in the US and abroad.

  │ 09:11:35 [NOTICE] Self-testing indicates your ORPort 
98.45.218.223:9001 is reachable from the outside. Excellent. Publishing 
server descriptor.
  │ 
https://metrics.torproject.org/rs.html#details/42BD1CC75EA01755D1F7DC8205C9ED9B19C7DC96

If anyone wants to test reachability to this Comcast relay, I'll leave 
it up for the next 48 hours or so.

I'm not necessarily a fan of Comcast or any of their practices and am 
only speaking for myself here but I haven't ever experienced any 
blocking or difficulty.

Are you sure that port forwarding To your relay is reliably working and 
that some "security feature" in your Comcast modem/router isn't causing 
the problem? I haven't researched any reports of Comcast blocking so I 
can't speak to any other anecdotal reports of said blocking. I sure hope 
it isn't the case. If it is, I'll certainly drop them in a flash too.

Regards,

Drew

On 6/11/23 04:46, xmrk2 via tor-relays wrote:
> I'd like to raise awareness of the Comcast blocking.
>
> As stated in subject, I believe Comcast blocks all traffic between its 
> customers and public tor relay nodes. That is, the blocking is not 
> limited to tor-related traffic, all other services / ports on the tor 
> relay are blocked.
>
> Background: I am running a lightning node, lightning is a layer 2 
> protocol to scale Bitcoin. Lightning nodes need to be connected to 
> each other ideally 24/7. I was contacted by the operator of another 
> Lightning node, complaining that he cannot connect to my node. He is 
> Comcast customer, I am not. I was also running a tor relay on the same 
> public IPv4 address.
>
> I am pretty sure that the blocking is done by Comcast and is triggered 
> by being in public list of tor relays. The blocking disappeared after 
> I stopped my tor relay and restarted my router (thus getting a new 
> external IPv4 address). After 1 day, I relaunched the tor relay, and 
> the blocking reappeared a few hours later. It was also confirmed by 
> the said operator of the lightning node, who said there were various 
> rounds of blocking tor, customers complaining and Comcast lifting the 
> block for some time, only to reinstate the blocking later.
>
> Comcast thus discourages me and similar people from running tor 
> relays, or at least forces me to run tor in bridge mode. So this is an 
> insidious attack on tor. Note that Bitcoin is not particularly 
> relevant, Comcast is blocking tor nodes, not bitcoin nodes. So even if 
> you hate Bitcoin, note that the same problem could arise even if 
> Bitcoin never existed: e.g. a self-hosted web server, whose owner 
> wants to donate his free capacity to tor by running tor relay. By 
> doing this, he prevents any Comcast customers from accessing his web 
> server, and this consequence is not obvious at all.
>
> Any ideas on how to combat this? I was thinking about including some 
> false positives in tor relay list. Imagine including some Google 
> servers' IP addresses - Comcast customers suddenly cannot connect to 
> Google, unless Comcast stops this blocking... or simply whitelists 
> Google. But those false positives sound ugly and a bit malicious, not 
> sure it is a good idea.
>
> I already wrote about this publicly, and also wrote a mail to EFF. 
> Hope I am not spamming, I feel this is quite important issue and am a 
> bit frustrated by the lack of attention it gets.
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230612/32ad8d12/attachment-0001.htm>

More information about the tor-relays mailing list