The Tor network is either under attack by or very popular in Iran
The traffic-analysis resistant anonymizing Tor network's "user-base" Iran exploded the last two weeks bringing the amount of supposed users up from barely measurable to about 800.000 "people". There's roughly 83 million people in that country which would mean that one in a hundred people in Iran decided to use Tor all their web browsing the last two weeks.
This chart shows the connection to Tor bridges, not the network's relays. There is something about that chart which doesn't look right. It's more like a hockey-stick than something which reflects slow organic growth. Tor's been around for a decade and it's user-base has been slowly and steadily growing all that time. Explosions like this is not the norm.
So what is going on? Your guess is as good as mine. A Tor project Ticket #30636 was filed with the title "Something funky is going in Iran: numbers of relay users flies off to 400K" when the hockey-stick graph blew through the big 400K. Now, one week later, it's doubled. That's some impressive exponential growth going on. It's interesting to note that the traffic coming from Iran does not appear to hit directory servers in the same way normal Tor clients do. This hints at some kind of specialized software being deployed.
It's hard to know if this is some kind of Iran-based attack on the Tor network or a real explosion in Tor's user-base in that country. A graph like this could be produced if some popular phone application like Facebook decided to include a Tor-client in a new version - making all existing users Tor-users overnight. It could also be an attempt to learn where all the Tor bridges are and who's using them. Whatever the case it will be interesting to see if this graphs keeps on going, levels off or if it makes a hard U-turn and returns to near-zero.
last edited 2019-06-03
Latest news headlines
- Git v2.23.0 is released and available
- Fedora 31 is branched: Here are the high-lights in the next Fedora version
- Creating Worms exploiting Windows Remote Desktop Vulnerabilities knock on port 3389
- Happy Birthday Debian
- AMD finally submits kernel patch for broken RDRAND on older AMD APUs
- Tor Snowflake launched as a censorship countermeasure for the The Onion Router network
- Treasure-trove of internal Google documents showing censorship and bias leaked by insider
- Linux Kernel 5.3-rc4 released
- Xfce 4.14 Released
See the more archive for news headlines