A few days ago, we published a blog post exposing the use of Deep Packet Inspection (DPI) to filter all Internet traffic in Ethiopia, including connections to the Tor network. We concluded that they are doing some sort of TLS fingerprinting, but had not been able to figure out exactly what they are fingerprinting on. Since then, we have managed to determine exactly how Ethiopia blocks Tor and we have developed a workaround. We will publish a full technical analysis very soon.
The long-term solution for Tor users in Ethiopia is to use the Obfsproxy Tor Browser Bundle. The bundles are, unfortunately, not up to date at the moment, but this is something we are working on (see #5937 for details). In the meantime, try using one of the following three bridges:
If the bridges are not working, or you have questions, send an email to firstname.lastname@example.org.
The Ethiopian Telecommunication Corporation, which happens to be the sole telecommunication service provider in Ethiopia, has deployed or begun testing Deep Packet Inspection (DPI) of all Internet traffic. We have previously analyzed the same kind of censorship in China, Iran, and Kazakhstan.
Reports show that Tor stopped working a week ago -- even with bridges configured. Websites such as https://gmail.com/, https://facebook.com/, https://twitter.com/, and even https://torproject.org/ continue to work. The graphs below show the effects of this deployment of censorship based on Deep Packet Inspection:
An analysis of data collected by a volunteer shows that they are doing some sort of TLS fingerprinting. The TLS server hello, which is sent by the Tor bridge after the TLS client hello, never reaches the client. We don't know exactly what they are fingerprinting on, but our guess is that it is either the client hello or the server hello. An illustration can be found in this network flow diagram.
Thanks to Philipp Winter and George Kadianakis for helping me analyze the data. If you have more information about the censorship in Ethiopia, please email email@example.com.
In December 2011 we were aware of Kazakhstan increasing Internet censorship in response to some unrest and protests in Zhanaozen in the west. The censorship was then deployed around the country, in many cases with the full support of the populace. The initial investigation showed simple IP address blocking coupled with basic DNS censorship. Tor continued to work without incident until this week.
JSC KazTransCom, AS35104, has deployed or begun testing deep packet inspection (DPI) of all Internet traffic. They specifically target SSL-based protocols for blocking. This includes Tor, IPsec, and PPTP-based technologies, as well as some SSL-based VPNs. Business and private users of these technologies are equally affected.
An example of the censorship, as recorded by volunteers in country, can be found in this network flow diagram. Kazakhstan is identifying and blocking the SSL client key exchange during the setup of an SSL connection. This graph shows the effects of this deployment of censorship based on DPI.
Luckily, due to our recent experience with Iran, we have an answer for people: use obfsproxy. Obfsproxy continues to work in Kazakhstan, as well as Iran. In fact, it works in any country where DPI is used to censor citizens' access to the Internet.
Thank you to the volunteers for spending their Valentine's Day collecting and analyzing data.
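The two blocking behaviours described above (Ethiopia: the TLS server hello never reaches the client; Kazakhstan: the connection is cut at the SSL client key exchange) can be told apart in a packet capture. The following is an added example, not code from the Tor Project: it parses the two reassembled byte streams of one flow and reports where the handshake stopped. The function names and the zero-filled sample flows are constructed for illustration, and it assumes SSL 3.0 through TLS 1.2 record framing.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 14: "ServerHelloDone", 16: "ClientKeyExchange"}

def handshake_messages(stream: bytes) -> list:
    """List cleartext handshake messages (TLS <= 1.2 framing assumed) in one direction."""
    seen, pos, hs_buf = [], 0, b""
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:          # truncated capture: keep what was parsed
            break
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            seen.append("ChangeCipherSpec")
            break                       # everything after this is encrypted
        if ctype != HANDSHAKE:
            continue
        hs_buf += body                  # one record may carry several messages
        while len(hs_buf) >= 4:
            mlen = int.from_bytes(hs_buf[1:4], "big")
            if len(hs_buf) < 4 + mlen:
                break                   # message continues in the next record
            seen.append(HS_NAMES.get(hs_buf[0], f"type{hs_buf[0]}"))
            hs_buf = hs_buf[4 + mlen:]
    return seen

def stall_point(client_to_server: bytes, server_to_client: bytes) -> str:
    """Name the handshake step after which the capture shows no progress."""
    c, s = map(handshake_messages, (client_to_server, server_to_client))
    if "ServerHello" not in s:
        return "ServerHello never arrived"      # pattern reported for Ethiopia
    if "ClientKeyExchange" in c and "ChangeCipherSpec" not in s:
        return "cut at ClientKeyExchange"       # pattern reported for Kazakhstan
    if "ChangeCipherSpec" in s:
        return "handshake completed"
    return "stalled mid-handshake"

# Constructed sample flows (zero-filled bodies, not real captures).
def _rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def _hs(htype, n=8):
    return bytes([htype]) + n.to_bytes(3, "big") + bytes(n)
CLIENT_HELLO = _rec(HANDSHAKE, _hs(1))
SERVER_FLIGHT = _rec(HANDSHAKE, _hs(2) + _hs(11) + _hs(14))
CLIENT_KEX = _rec(HANDSHAKE, _hs(16)) + _rec(CHANGE_CIPHER_SPEC, b"\x01")
SERVER_FINISH = _rec(CHANGE_CIPHER_SPEC, b"\x01") + _rec(HANDSHAKE, bytes(40))
```

The inputs are the per-direction TCP payloads of a single connection, for example as exported from a Wireshark stream; a stall point only shows where progress stopped, not which bytes the filter matched on.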
You've flooded the blog and tor-assistants with lots of cries for help about Tor, Freegate, Ultrasurf, and a slew of VPNs all being blocked. Sometimes this is through MTN Nigeria, sometimes not.
http://www.herdict.org/web/explore/country/NG suggests access is a 50/50 chance for some sites.
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#Iins.... That FAQ entry is a fine place to start. Telling us Tor doesn't work lets us know there is a problem. Sending in logs from Message Log would be a great start. We need to know what Tor records while trying to connect to the Tor Network.
Someone could further start up Wireshark and record the entire session of Tor starting up and ultimately failing to connect to the Tor Network.
On September 25, 2009, the Great Firewall of China blocked the public list of relays and directory authorities by simple IP address blocks. Currently, about 80% of the public relays are blocked by IP address and TCP port combination. Tor users are still connecting to the network through bridges. At the simplest level, bridges are non-public relays that don't exit traffic, but instead send it on to the rest of the Tor network.
If you want to help people in China get access to the uncensored Internet, run a bridge.
Feel free to mirror this post, or the Tor website. We have a list of mirrors at https://www.torproject.org/mirrors.html.en or search for tor mirrors via Google, Yahoo, Baidu, etc.
Links to other helpful sites (not run by us):