Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After the Spring


Network of Excellence Internet Science Summer School. The theme of the summer school is "Internet Privacy and Identity, Trust and Reputation Mechanisms".
Published in: Education, Technology

  1. Online Anonymity: Before and After the Arab Spring
       A talk by Runa A. Sandvik, on August 14, 2012, at the first Network of Excellence Internet Science Summer School
  2. I am
       • From Oslo, Norway, based in London, UK
       • A developer, researcher, project coordinator, community manager, support assistant, and translation coordinator
       • Worked for and with the Tor Project since Google Summer of Code in 2009
  3. This is
       • A talk about what Tor is, how it works, the increase in users over the past two years, blocking events, and work in progress
       • Will look at blocking events from 2006 to 2009 and compare these with the events we have seen since the beginning of 2011
  4. Before the Arab Spring
  5. “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”
  6. How Tor works
  7. Tor is open source
       • The code was released in 2002
       • The design paper was published in 2004
       • Tor was (and still is) an anonymity tool, but no one had thought about circumvention/anti-censorship
  8. The arms race begins
       • Thailand (2006): DNS filtering of our website
       • Smartfilter/Websense (2006): Tor used HTTP for fetching directory info, cut all HTTP GET requests for “/tor/...”
       • Iran (2009): throttled SSL traffic, got Tor for free because it looked like Firefox+Apache
       • Tunisia (2009): blocked all but port 80+443
       • China (2009): blocked all public relays and enumerated one of the bridge buckets
  9. The Arab Spring
  10. Use of social media
       • In the months following the first protests in December 2010, videos, pictures, and stories from activists spread quickly via the Internet
       • Use of social media helped activists organize protests and spread awareness; that changed when authorities started to censor more and more websites
  11. Hacktivism
       • Griffin Boyce at HOPE Number Nine: Information distribution in the Arab Spring
       • Shortwave and pirate radio to communicate with other activists and the rest of the world
       • A few ISPs around the world set up dial-up services for people in Egypt
       • Speak To Tweet, Bluetooth local networks to share and spread videos, word of mouth
       • Free proxies, VPN services, RetroShare, Tor
  12. Between 2010 and 2012
       • Tunisia: from 800 to 1,000
       • Egypt: from 600 to 1,500
       • Syria: from 600 to 15,000
       • Iran: from 7,000 to 40,000
       • All countries: from 200,000 to 500,000
  13. Since then...
  14. A quick reminder
       • DNS filtering of our website
       • Cut all HTTP GET requests for “/tor/...”
       • Throttle SSL traffic
       • Block all but port 80 and 443
       • Block all public relays and bridges
  15. The arms race continues
       • DigiNotar and Comodo (2011): incorrectly issued certificates for our website to a malicious party
       • China (2011): use of DPI, follow-up scanning to determine what the connection is and if it should be blocked
       • Iran (2011): use of DPI on SSL in 2011, general SSL block in February 2012, “halal” Internet
       • Kazakhstan, Ethiopia, UAE (2012): use of DPI
  16. Public key pinning
       • We pinned the certificate for our website in Google Chrome; the certificate chain must now include a whitelisted public key
       • A self-signed certificate will display a warning and ask the user if she wants to continue; an incorrect certificate will fail hard
       • Users with XP prior to SP3 will have some issues with SHA256 signed certificates, including the one for
  17. Obfsproxy
       • A new tool to make it easier to change how Tor traffic looks on the network
       • Rolled out in February 2012 when Iran started using DPI to filter all SSL connections
       • Requires volunteers to set up special bridges
       • We are working on automating builds of the Tor Browser Bundle with Obfsproxy
       • Different pluggable transports available: FlashProxy, StegoTorus, SkypeMorph, Dust
  18. Manual blocking analysis
       • Requires in-country contacts with patience, access to Wireshark, the Tor Browser Bundle, and a private Tor bridge
       • We spend a lot of time analyzing captured network data, try to determine the fingerprint that is being used to block Tor, and then set up special bridges for affected users
  19. Tor censorship events
       • An anomaly-based censorship-detection system for Tor on https://, also includes the Tor censorship events mailing list
       • Censorship Wiki with details about blocking events, research, tools: https:// OONI/censorshipwiki
  20. ooni-probe
       • A part of the Open Observatory of Network Interference project
       • Can be used to collect high-quality data about Internet censorship and surveillance
       • Runs a set of tests on your local Internet connection to check for blocked or modified content
       • Will eventually be able to determine how different DPI devices are blocking Tor
  21. Questions?
       • Support:
       • Development:
       • IRC: #tor and #tor-dev on
       • Twitter: @torproject
       • Twitter: @runasand
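
The check described on the "Public key pinning" slide, as an added example that is not part of the talk or of any browser's code: a chain for a pinned host is accepted only if one of its certificates carries a whitelisted public key, otherwise it fails hard. Assumptions: pins are base64 SHA-256 digests of the DER SubjectPublicKeyInfo, the names `check_chain`, `pin`, `fake_cert` and `pinned.example` are hypothetical, and the certificates are constructed DER skeletons (correct field layout, empty names, no signature).

```python
import base64, hashlib

def der(tag, body=b""):
    # Encode one DER element; used only to build the constructed samples.
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    k = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | k]) + n.to_bytes(k, "big") + body

def tlv(buf, off):
    """Read the element at off; return (tag, value_start, end)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, off, off + n

def spki_of(cert):
    """Return the SubjectPublicKeyInfo element of a DER certificate."""
    _, off, _ = tlv(cert, 0)                      # Certificate
    _, off, end = tlv(cert, off)                  # tbsCertificate
    fields = []
    while off < end:
        tag, _, nxt = tlv(cert, off)
        if tag != 0xA0:                           # skip the optional [0] version
            fields.append(cert[off:nxt])
        off = nxt
    return fields[5]  # serial, sigAlg, issuer, validity, subject, SPKI

def pin(cert):
    return base64.b64encode(hashlib.sha256(spki_of(cert)).digest()).decode()

def check_chain(host, chain, pins):
    if host not in pins:
        return "not-pinned"                       # ordinary validation applies
    return "ok" if any(pin(c) in pins[host] for c in chain) else "fail-hard"

def fake_cert(key, serial):
    """Constructed skeleton certificate, not a real X.509 certificate."""
    spki = der(0x30, der(0x30) + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial])) + der(0x30) * 4 + spki)
    return der(0x30, tbs + der(0x30) + der(0x03, b"\x00"))

# Constructed sample keys and chains (leaf first, issuer second).
LEAF, CA, OTHER_LEAF, OTHER_CA = (bytes([c]) * 200 for c in b"LCXY")
PINS = {"pinned.example": {pin(fake_cert(CA, 1))}}
GOOD = [fake_cert(LEAF, 2), fake_cert(CA, 1)]
MISISSUED = [fake_cert(OTHER_LEAF, 3), fake_cert(OTHER_CA, 4)]
print(check_chain("pinned.example", GOOD, PINS), check_chain("pinned.example", MISISSUED, PINS))
```

Because the pin covers the key and not the whole certificate, a reissued certificate for the same key (a different serial in `fake_cert`) still matches the pin.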