[liberationtech] Tor: Increased Internet blocking in Iran
Hal Roberts
hroberts at cyber.law.harvard.edu
Wed Jan 12 14:01:11 PST 2011
My working theory for this sort of thing, mostly from what we know about
how China makes its blocking decisions, is that these odd decisions
about what gets blocked and what doesn't are not driven by the sort of
reasonable / clever technical motivations you describe below but instead
by political direction of technical decisions.

This is to say that there are probably no smart techies in Iran who are
empowered to make the decision of what to block when to fight tor for
control of the network. Instead, the techies wait for micro level
directions from political folks, who make decisions sometimes for
obvious reasons (political crises etc) and sometimes for small reasons
inscrutable from the outside (local corruption issues etc).

One smart Chinese scholar makes the point that in fact Chinese
government techies have incentive not to completely block circumvention
tools because doing so would put them out of their jobs. According to
this theory, the techies block the minimum they are told to block by the
political bosses.

I don't have the ground level of knowledge of this sort of thing in Iran
that I do in China, so your theory below may be a better description.
But my intuition is that political actors are driving the micro-details
of blocking decisions much more than techies.

-hal

On 1/12/11 3:49 PM, liberationtech at lewman.us wrote:
> The Great Potato Wall appears to be trying new things. Recent traces
> do not show ssl throttling anymore. There is possible ssl intercept
> and manipulation occurring. There is definitely IP address blocking.
> Interestingly, https:// gmail and google search are working fine.
>
> Any idiot can block the public Tor Network, we've known this for ages.
> In fact, we told the world how to do it years ago at various
> conferences. It took until late 2009 for China to lead the world in
> taking this step. It seems Iran may be learning how to do this too.
>
> What's interesting is that our bridges are more affected than the public
> relay list [1]. Depending upon your level of paranoia, there could be
> two things going on:
>
> 1) The potato wall admins are testing technology to block the bridge
> relays, because they are not generally published the world over (like
> the public tor network relays are by design). The admins feel they can
> block the public tor network easily, so test the difficult parts; or
>
> 2) The admins are purposely allowing the public tor network to be accessed
> so they can record which IP addresses in country are connecting to public
> tor relays. One could then use this list of people in the future.
>
> In either case, Tor can use any HTTP, HTTPS, or SOCKS proxy as an access
> layer to connect to the public tor network [2]. Users in China are fond
> of using VPNs to get past the GFW and then use Tor so the VPN provider
> can't see what they're doing on the Internet.
>
> We're also working on hiding in the crowd of allowed traffic [3].
>
> The end goal is to help people, so we've suggested that people use tools
> that work right now to get access to the outside world. Using tor over
> these tools will protect their privacy as well, see [2] again.
>
> Research continues.
>
> [1]
> https://metrics.torproject.org/users.html?graph=bridge-users&start=&end=&country=ir#bridge-users
> versus
> https://metrics.torproject.org/users.html?graph=direct-users&start=&end=&country=ir#direct-users
>
> [2] https://www.torproject.org/docs/proxychain
>
> [3]
> https://gitweb.torproject.org/tor.git/blob/HEAD:/doc/spec/proposals/ideas/xxx-pluggable-transport.txt
>