Opened 3 weeks ago

Last modified 5 days ago

#30636 new task

Something funky is going in Iran: numbers of relay users flies off to 1M+

Reported by: cypherpunks Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/Analysis Version:
Severity: Normal Keywords: ir
Cc: dcf, gaba, phw, mrphs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Change History (28)

comment:1 Changed 3 weeks ago by cypherpunks

Woops, wrong component, my apologies.

comment:2 Changed 3 weeks ago by dcf

Description: modified (diff)
Keywords: ir added

Woops, wrong component, my apologies.

What component did you intend? I was thinking Censorship/Censorship Analysis, but possibly this is not related to censorship.

I added an entry on the Metrics Timeline.

comment:3 Changed 3 weeks ago by gaba

Cc: gaba added

comment:4 Changed 3 weeks ago by phw

Cc: phw added

comment:5 Changed 3 weeks ago by mrphs

Cc: mrphs added

comment:6 Changed 3 weeks ago by mrphs

I just checked from a few different networks and also asked a number of people to test it from different ISPs and it seems like everyone is able to connect directly without a bridge. I'll update the ticket if I find out more.

comment:7 Changed 3 weeks ago by mrphs

According to the reports I gathered, it seems like all ISPs except for "Pars Online" are able to connect directly.

comment:8 Changed 2 weeks ago by arma

It now seems that 1/4 of the users in the Tor network are in Iran:
https://metrics.torproject.org/userstats-relay-table.html?start=2019-05-30&end=2019-06-03

I looked at some relay extrainfo descriptors, to see if this is a fluke or what, and it looks like many relays are seeing not just a huge number of v3 consensus fetches from Iran, but also a huge variety of IP addresses fetching these consensus documents. So my current thought is that these really are a bunch of different Tor clients running in different places in Iran.

The shape of the growth makes me think it isn't many hundreds of thousands of people each one at a time deciding to install Tor Browser though. I wonder if Tor is now bundled in some software that many of them already had, and when it upgraded, they became Tor users? See for example how this happened in Ukraine two years ago, where the FreeU browser bundled a Tor client: #22369.

comment:9 Changed 2 weeks ago by arma

https://metrics.torproject.org/dirbytes.html makes it look like the directory load is growing with the recent pattern of Russian users, but not growing with the recent pattern of Iranian users. I wonder why that is.

comment:10 Changed 13 days ago by mrphs

I wonder how many of these are Orbot installations which were sitting on Android devices and now are suddenly connecting back to the network. Iranian users do have a habit of having all the censorship circumvention tools installed and try to see which one works everyday they pick up their phones. I asked Nathan to see if he can give us any statistics on how many active installation (through Google play store) we currently have in IR.

comment:11 Changed 13 days ago by cypherpunks

Tor Browser for Android without Orbot has been released. So, where are all that new users?

comment:12 Changed 13 days ago by n8fr8

Google Play reports active users of Orbot in Iran has gone from 40k to about 70k in the last two months. This is a big spike, as before we would just grow a few k per month.

Iran is our #5 country, after Russia, India, US, and Ukraine.

Now, this is only measuring users who install Orbot from Google Play. If they are getting it from somewhere else, I don't think we can see those numbers.

comment:13 Changed 13 days ago by xhdix

Some unofficial telegram applications (e.g. Bgram) use Tor.

In the past month, several unofficial telegrams were removed by Google Play Protect service from users' devices. (E.g. talagram, hotgram, mobogram)

In the past few weeks in Iran, the speed of blocking MTProxy servers has increased. So the only remaining option for the unofficial telegram application was to integrate with Tor.

This is my guess. (Also reports from unofficial telegram builders, and reverse engineering of published files in the telegram)

Last edited 13 days ago by xhdix (previous) (diff)

comment:14 Changed 12 days ago by torfone

Don't know about Iran, but for Russia this can be my Torfone (see https://habr.com/ru/post/448856/).
App: http://torfone.org/download/Torfone.apk
Core: https://github.com/gegel/torfone

comment:16 Changed 12 days ago by xhdix

@emmapeel
I think that when the increase began, it was before Tor release date:
https://metrics.torproject.org/userstats-relay-country.html?start=2019-05-13&end=2019-05-23&country=ir&events=off

https://metrics.torproject.org/userstats-relay-country.png

Last edited 12 days ago by dcf (previous) (diff)

comment:17 Changed 12 days ago by difautsch

So, according to a report released on May 30 from Iran Human Rights Watch, the Iranian government is supporting the development of a proxy tool, MTProto, so they can better 'manage' censorship circumvention.
https://iranhumanrights.org/2019/05/why-is-the-iranian-government-aiding-the-development-of-a-censorship-circumvention-tool/

I believe that the new Tor users were previously using MTProto and then realized it's not keeping their privacy from the Iranian gov.
My evidence is a decline in 'Post Reach' on May 15, the same day Iranian Tor users began to grow: https://www.dropbox.com/s/ggin9dmkobowkve/MTProto%20Post%20Reach.png?dl=0
https://www.dropbox.com/s/ggin9dmkobowkve/MTProto%20Post%20Reach.png?dl=0

I don't know what specifically triggered the switch from MTP to Tor, but a significant and sustained drop of Post Reach is definitely suspicious.

You can find all the metrics here: https://tgstat.com/channel/@MTProxies

Last edited 11 days ago by dcf (previous) (diff)

comment:18 Changed 5 days ago by xhdix

Also, according to a query from people, messages similar to the screenshot below were published in telegram groups.
In this message, installing and using Tor is trained to work on Telegram.
https://imgur.com/RqyjccN

https://i.imgur.com/RqyjccNl.jpg

comment:19 Changed 5 days ago by cypherpunks

Title should be edited as the figure is now much more spectacular. To all our Farsi friends: thanks for making it happen, we love you! <3

comment:20 Changed 5 days ago by xhdix

Yeah :D
The number of users is now more than 1 million. (1067335)

All Iranian people are grateful to the members of the Tor Project.

https://metrics.torproject.org/userstats-relay-country.png

comment:21 Changed 5 days ago by dcf

Description: modified (diff)
Summary: Something funky is going in Iran: numbers of relay users flies off to 400KSomething funky is going in Iran: numbers of relay users flies off to 1M+
Note: See TracTickets for help on using tickets.