

Iran blocks Tor; Tor releases same-day fix  - bdr
https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix

======
baltcode
I thought one of the more dangerous threats in Tor was the possibility of
someone running compromised exit (or entry) nodes? Why didn't they do that
instead of blocking it?

~~~
kragen
If someone runs an entry node, they get to see the IP addresses of 1/N of Tor
users, how much data the users send and receive, and when. But they don't get
to see _what_ data the users are sending and receiving, or even what exit node
they're using. If someone runs an exit node, they get to see (and filter) what
data 1/N of Tor users are sending and receiving, and when, but they don't get
to see who those users are, or even what entry node they're using. And the
data they see can still be encrypted; e.g. connections to Gmail will use
TLS/SSL, so even the exit node doesn't get to steal your mail.

So that may be why.

~~~
mike-cardwell
FWIW, during the recent DigiNotar SSL shambles, there was evidence that some
Tor exit nodes were using forged Google certificates to MITM "secure"
connections to Googles services.

<https://twitter.com/#!/moxie__/status/110863647693221888>

------
spoiledtechie
Can someone please explain Tor? Ive never heard of it and their blog doesn't
say much about what it physically does? Is it access to the internet or just
an internal Iran Internet for the underground?

~~~
noonespecial
Tor is an anonymizer. It exists to prevent authorities, isps, or other snoops
from being able to see what web-sites you visit. Its VPN-like qualities also
make it good for circumventing blocklists that work via banned destination
site lists.

It does this by routing all(1) of your traffic through a series of constantly
shifting peers that don't keep records or logs and don't use standard http
ports.

Instead of YOU->ISP->Yahoo your traffic looks like
YOU(encryption)->BOB->ALICE->STEVE(decryption)->Yahoo. Your ISP (and therefore
your rotten government) only sees you make an encrypted connection to Bob, not
a web request to yahoo. The chain is long enough that its really tough for
anyone in the chain to figure out who you are and what your final destination
is.

(1) Tor can be tricky to set up and know its working properly for the
uninitiated. It can... _leak_ if set up wrong, and certain protocols (like all
UDP) are not well supported.

~~~
dschobel
Is there any precedent for legal prosecution against STEVE in case the
originator is browsing something more nefarious than Yahoo?

I know the "unsecured wireless AP" defense has been used with varying success
but I'm wondering if any Tor peers have ever been prosecuted...

~~~
andrewflnr
The Tor Project website has a pretty good legal FAQ.

<https://www.torproject.org/eff/tor-legal-faq.html.en>

They say they're not aware of anyone being prosecuted for running a TOR relay,
but can't make any guarantees about the future.

------
lootabooga
Well, the main hurdle isn't technology, it's always politics.

Tor might have fixed the block, but an Iranian using the system could still be
imprisoned by the government for using it...

