The document discusses online anonymity before and after the Arab Spring. It summarizes how Tor works to provide anonymity and the arms race between censors blocking Tor and Tor developers finding new ways to circumvent censorship. It describes a large increase in Tor usage during the Arab Spring protests from 2010 to 2012 and ongoing blocking efforts by countries like China, Iran, and Kazakhstan. New anti-censorship tools like public key pinning, Obfsproxy, and ooni-probe are working to detect and prevent censorship of Tor.

1. Online Anonymity
Before and After the Arab Spring
A talk by Runa A. Sandvik, runa@torproject.org, on August 14, 2012,
at the first Network of Excellence Internet Science Summer School

2. I am
• From Oslo, Norway, based in London, UK
• A developer, researcher, project coordinator,
community manager, support assistant, and
translation coordinator
• Worked for and with the Tor Project since
Google Summer of Code in 2009

3. This is
• A talk about what Tor is, how it works, the
increase in users over the past two years,
blocking events, and work in progress
• Will look at blocking events from 2006 to
2009 and compare these with the events we
have seen since the beginning of 2011

4. Before the Arab Spring

5. “Tor is free software and an open network
that helps you defend against a form of
network surveillance that threatens personal
freedom and privacy, confidential business
activities and relationships, and state security
known as traffic analysis.”

6. How Tor works

7. Tor is open source
• The code was released in 2002
• The design paper published in 2004
• Tor was (and still is) an anonymity tool, but
no one had thought about circumvention/
anti-censorship

8. The arms race begins
• Thailand (2006): DNS filtering of our website
• Smartfilter/Websense (2006): Tor used HTTP
for fetching directory info, cut all HTTP GET
requests for “/tor/...”
• Iran (2009): throttled SSL traffic, got Tor for
free because it looked like Firefox+Apache
• Tunisia (2009): blocked all but port 80+443
• China (2009): blocked all public relays and
enumerated one of the bridge buckets

10. The Arab Spring

11. Use of social media
• In the months following the first protests in
December 2010, videos, pictures, and stories
from activists spread quickly via the Internet
• Use of social media helped activists organize
protests and spread awareness, that changed
when authorities started to censor more and
more websites

13. Hacktivism
• Griffin Boyce at HOPE Number Nine:
Information distribution in the Arab Spring
• Shortwave and pirate radio to communicate
with other activists and the rest of the world
• A few ISPs around the world set up dial-up
services for people in Egypt
• Speak To Tweet, Bluetooth local networks to
share and spread videos, word of mouth
• Free proxies, VPN services, RetroShare, Tor

15. Between 2010 and 2012
• Tunisia: from 800 to 1,000
• Egypt: from 600 to 1,500
• Syria: from 600 to 15,000
• Iran: from 7,000 to 40,000
• All countries: from 200,000 to 500,000

16. Since then...

17. A quick reminder
• DNS filtering of our website
• Cut all HTTP GET requests for “/tor/...”
• Throttle SSL traffic
• Block all but port 80 and 443
• Block all public relays and bridges

18. The arms race continues
• DigiNotar and Comodo (2011): incorrectly
issued certificates for our website to a
malicious party
• China (2011): use of DPI, follow-up scanning to
determine what the connection is and if it
should be blocked
• Iran (2011): use of DPI on SSL in 2011, general
SSL block in February 2012, “halal” Internet
• Kazakhstan, Ethiopia, UAE (2012): use of DPI

19. Public key pinning
• We pinned the certificate for our website in
Google Chrome, the certificate chain must
now include a whitelisted public key
• A self-signed certificate will display a
warning and ask the user if she wants to
continue, an incorrect certificate will fail hard
• Users with XP prior to SP3 will have some
issues with SHA256 signed certificates,
including the one for torproject.org

20. Obfsproxy
• A new tool to make it easier to change how
Tor traffic looks on the network
• Rolled out in February 2012 when Iran started
using DPI to filter all SSL connections
• Requires volunteers to set up special bridges
• We are working on automating builds of the
Tor Browser Bundle with Obfsproxy
• Different pluggable transports available;
FlashProxy, StegoTorus, SkypeMorph, Dust

22. Manual blocking analysis
• Requires in-country contacts with patience,
access to Wireshark, the Tor Browser Bundle,
and a private Tor bridge
• We spend a lot of time analyzing captured
network data, try to determine the fingerprint
that is being used to block Tor, and then set
up special bridges for affected users

23. Tor censorship events
• An anomaly-based censorship-detection
system for Tor on https://
metrics.torproject.org/, also includes the Tor
censorship events mailing list
• Censorship Wiki with details about blocking
events, research, tools: https://
trac.torproject.org/projects/tor/wiki/doc/
OONI/censorshipwiki

24. ooni-probe
• A part of the Open Observatory of Network
Interference project
• Can be used to collect high-quality data
about Internet censorship and surveillance
• Runs a set of tests on your local Internet
connection to check for blocked or modified
content
• Will eventually be able to determine how
different DPI devices are blocking Tor

25. Questions?
• Support: help@rt.torproject.org
• Development: tor-dev@lists.torproject.org
• IRC: #tor and #tor-dev on irc.oftc.net
• Twitter: @torproject
• runa@torproject.org
• Twitter: @runasand