[tor-relays] Comcast blocks ALL traffic with tor relays
Livingood, Jason
Jason_Livingood at comcast.com
Wed Jun 14 21:14:01 UTC 2023
>As to the blog post you mention… Your statements are very generic: now you talk about "not blocking tor", but tor is not just one webpage, one server, a monolithic entity. I would appreciate details: If your customer has "advanced security" activated, can he connect to any ORPort of any tor middle relay?
Fair enough. That post was in any case from 2014 and the questions are different today (I just used it as an example that we’re not against Tor). Honestly, I’m a little surprised that someone running a Tor exit node would not be using their own cable modem and running their own router (whether open source a la Openwrt or commercial). If someone wants to do stuff like run a Tor exit node or run a MASQUE relay or whatever, I’d recommend they turn off Advanced Security and manage their routing & firewall rules themselves.
>Sorry if I am a bit repetitive, but https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security<https://urldefense.com/v3/__https:/www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security__;!!CQl3mcHX2A!GL-M865o8Ul6VQiGJSAHwue9MmlLnlCkSlez2kSjTpTq91B5S2TV_6hpdIS3pBMgjK8UBjTiRgcW8Hu1XzhBRik$> mentions "Blocks remote access to smart devices from known dangerous sources.". What do you mean by dangerous sources, and does it include tor relays or exits?
It may be down to the fact that “unknown” users connect to the relay/exit and that the average consumer user of the Advanced Security service does not want that. I suspect if someone wants this, it’s best to toggle Advanced Security off.
> I don't know whether this customer has "Advanced security" turned on, I just assume he has. Do you want me to send you privately more details (my IP and this peer's IP)?
Sure – I am happy to look at that confidentially. But it could be a wide range of other things – even basic things like someone’s router timing out external connections after X minutes, etc.
> So you remind me of an old joke: who should I believe, you, or my eyes? Sorry, I choose my eyes. I am talking here about direction from my node to Comcast. It is still possible that you don't block connections from Comcast to relays, I have contradictory evidence about this point. So if your "not blocking tor" means "not preventing our customer from connecting to some tor relays", this could be true.
Alternatively, given the large size of our network, if we were in fact blocking this, then I’d expect to see this list filled with complaints and social media sites (Twitter<https://twitter.com/search?q=comcast%20tor&src=typed_query&f=top>, Reddit, etc.) filled with complaints. But what I see now is a single report. That said, I routinely look at such reports when they seem at odds with our network policies so as to be certain there’s not some misconfiguration or bug someplace.
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230614/53a212c3/attachment-0001.htm>
More information about the tor-relays
mailing list