I believe that tor metrics counts when a connection starts, not when a connection is _established_<p>This is a important difference, because if there is active DPI that is shutting down a connection before handshake can happen, it will inflate the numbers massively.<p>I suspect what actually is happening is a ISP in UAE has deployed a DPI system that can detect the Tor TLS signature
The same rise was seen in Turkey last month. The phenomenon is caused by failed reconnect due to DPI-based censorship. See Annex A: <a href="https://turkeyblocks.org/2016/12/18/tor-blocked-in-turkey-vpn-ban/" rel="nofollow">https://turkeyblocks.org/2016/12/18/tor-blocked-in-turkey-vp...</a>
What this really indicates, bot or not, is that once you educate people, they will act in their self (and more importantly, self+others) interests. Oppressive and controlling (controlling or controling, I can never decide) regimes will try to prevent it. But it is like trying to prevent wind.<p>The wind will come. You must adapt and accept. And if you are against the wind, you must change.
This also happened in Tunisia in 2013 [0]. We believe that it was a bot. [1]<p>[0] : <a href="http://imgur.com/a/mjYsP" rel="nofollow">http://imgur.com/a/mjYsP</a><p>[1] : <a href="http://gizmodo.com/the-anonymous-internet-is-under-attack-1257343241" rel="nofollow">http://gizmodo.com/the-anonymous-internet-is-under-attack-12...</a>
The same graph with censorship events on: <a href="https://metrics.torproject.org/userstats-relay-country.html?start=2016-10-23&end=2017-01-21&country=ae&events=on" rel="nofollow">https://metrics.torproject.org/userstats-relay-country.html?...</a><p>Just on the start the spike, there are many events. Though I don't know how to find information on those events.
Just out of curiosity: How is Tor looking these days, security-wise? Does someone have a recent analysis of the attacks Tor is facing from state-level attackers currently? Just wondering if any new threats to Tor have come up in the recent years that hadn't been considered before stuff like Snowden happened.
Looks like the UAE has outlawed use of torque, and is also using DPI to block it, resulting in inflated numbers due to dropped connections and ensuing attempted reconnects.<p><a href="https://trac.torproject.org/projects/tor/ticket/6246" rel="nofollow">https://trac.torproject.org/projects/tor/ticket/6246</a>
I can't find anything blatant in the news that would explain something like this, especially of this magnitude.<p>I think it might be a botnet or something similar, although that's just conjecture at this point.
The economic incentives over TOR have really improved TOR<p>I was pulling 800k/sec the other day, pretty surprised.<p>Some circuits are still slow. But I remember not that long ago (18 months?) it was a miserable expereince
If this is an attempt by the UAE to prevent TOR connections via DPI, who would the primary target(s) be? I recognize that's an awkward question to ask of an anonymized service like TOR, but who are the actors in the UAE who might use TOR and why target them now?
Unless the massive uptick in Tor client connections can be correlated to a massive uptick in Tor client downloads its not a societal event and is more likely government sponsored.
Not that is possible to detect gender but I suspect the bulk of those users are female since they are the most repressed. <a href="http://www.thenational.ae/business/telecoms/uae-top-for-female-internet-use-in-gcc" rel="nofollow">http://www.thenational.ae/business/telecoms/uae-top-for-fema...</a>