[tor-talk] massive automated bridge requests: why?
Hi folks,

Over the past few months the number of bridge users has spiked, most prominently in Italy, but also plenty in Spain, Brazil, Israel, and others.

https://metrics.torproject.org/users.html#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=it#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=es#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=br#bridge-users
https://metrics.torproject.org/users.html?graph=bridge-users&start=2011-06-05&end=2011-09-03&country=il#bridge-users

I believe it started out with a Tor bundle that somebody made that had three bridges pre-configured -- we found a torrc file along with an unofficial Windows Tor bundle. At the beginning, those few bridges had tens of thousands of users each, and that was it.

Since then, we've seen an enormous spike in automated connections to https://bridges.torproject.org/ -- more than a million requests an hour. Now just about every bridge that's given out via the https pool (as opposed to the gmail pool or the reserve pool) is seeing many many thousands of users from Italy and these other countries.

It seems clear that somebody's unofficial Tor bundle automatically grabs some bridges for its users, and that this somebody didn't understand the notion of being polite to a remote service -- I think each user is hitting the bridges page roughly every 30 seconds.

We've taken steps to defend the bridgedb service from this overload. And I can imagine further steps, like finally rolling out a captcha on that page, to block people from using it like a remote API (which I always thought was kind of a neat option). Or heck, just moving to a different URL and abandoning that one.

But the question first is: what's going on? Can those of you near or in these countries please ask around and try to get some answers?

I don't think it's a censoring adversary trying to collect the list of bridges. For one, it's way overkill; for another, why use the bridges afterwards?

I don't think it's malware or some automated botnet that happens to use bridges -- if it were, we should be seeing spikes in well-connected countries like Japan.

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
participants (1): Roger Dingledine
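
An added example, not part of the original message and not BridgeDB code: one way a service operator could pick out the fixed-interval polling described in the message (a client returning roughly every 30 seconds) from request logs. The log layout, client addresses and thresholds are assumptions constructed for illustration.

```python
"""Flag clients that request a page at a near-constant interval."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

START = datetime(2011, 9, 3, 12, 0, 0)

def build_sample_log():
    """Constructed sample lines in an assumed '<ISO time> <client> <path>' layout."""
    events = []
    # Timer-driven client: about one request every 30 s, with small jitter.
    for i, jitter in enumerate([0, 1, -1, 2, 0, -2, 1, 0, -1, 1]):
        events.append((START + timedelta(seconds=30 * i + jitter), "192.0.2.10"))
    # Occasional visitor: too few requests to judge.
    for off in [5, 9, 140, 152, 290]:
        events.append((START + timedelta(seconds=off), "198.51.100.7"))
    # Busy but irregular client: many requests, no steady rhythm.
    for off in [0, 2, 3, 60, 61, 200, 204, 400]:
        events.append((START + timedelta(seconds=off), "203.0.113.5"))
    return [f"{t.isoformat()} {ip} /" for t, ip in sorted(events)]

def parse(lines):
    """Group request timestamps by client, skipping malformed lines."""
    per_client = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            per_client[parts[1]].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue
    return per_client

def find_pollers(lines, min_requests=6, max_spread=0.2):
    """Return {client: median gap in seconds} for clients with regular gaps."""
    flagged = {}
    for client, stamps in parse(lines).items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid <= 0:
            continue  # identical timestamps: a burst, not a timer
        # Median absolute deviation relative to the median gap;
        # a small value means the requests come from a timer.
        spread = median(abs(g - mid) for g in gaps) / mid
        if spread <= max_spread:
            flagged[client] = mid
    return flagged
```

Using the median gap and median absolute deviation keeps one delayed or retried request from hiding an otherwise steady timer, and the minimum request count avoids flagging a visitor who merely reloaded the page a few times.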