Doesn't Vodafone use NAT for customers? If you use mobile internet you
get a 10.x.x.x IPv4 behind NAT and a regular IPv6 with your MAC embedded
in it.
Also, don't overestimate ISPs network design, a few years ago you could
get free unlimited mobile internet via VPN because they only redirected
TCP traffic to their payment page and let UDP pass. A vendorless MAC in
their NAT could very likely trigger a DPI exception and disable traffic
shaping.
Dan Snow:
> some_guy...@safe-mail.net:
>>> Working were and are only connections without the Tor network, with
>>> unpublished bridges, and with Tails (changing the MAC address)
>>
>> That doesn't make sense. Vodafone doesn't see your Tails MAC at all. I think
>> it's unlikely that Vodafone is throttling on purpose.
>>
>> Most likely, there is some broken/misconfigured router or IDS in the path to
>> the directory servers/bridges you used. You should try to manually pick a
>> few different entry guards with different routing (check with traceroute).
>>
>> Assuming you have a network consensus (e.g. from connecting with working
>> bridges; there should be 'Browser/TorBrowser/Data/Tor/cached-microdescs' and
>> 'cached-microdesc-consensus' files), add the following to your
>> 'Browser/TorBrowser/Data/Tor/torrc':
>>
>> ----------------------------
>> UseEntryGuards 1
>> NumEntryGuards 1
>> UseEntryGuardsAsDirGuards 1
>> NumDirectoryGuards 1
>> EntryNodes 47B8A2122B924B0E54B3BDEE48DFB86E054BEB36
>> -----------------------------
>>
>> Remove any bridge-related entries from the config.
>>
>> Some fast entry guards in Germany that should have different routing:
>>
>> darkit (37.114.52.7): 47B8A2122B924B0E54B3BDEE48DFB86E054BEB36
>> chaoscomputerclub5 (80.237.226.75): 0E22366D0EB12CA0CDD3693452F43BA0A1D9D515
>> becks (5.9.123.81): E9C8154418544764619D2CCD0596B355D7DFF236
>>
>> With this configuration, you only need to connect to the the guard node and
>> don't need to connect to the directory servers (where something seems to be
>> hanging).
>>
>
> Thank you for these advises. But, I think to concentrate on one entry guard
> only could lessen the anonymity. Although the entry guards are not changed
> very often (after 30–60 days) in the standard configuration, there seems to
> be a little random selection [1]. I will have a look at this.
>
> As we all know, the IP address is no reliable identifier, but the MAC address
> identifies the device and probably its user. Otherwise it would be needless
> to disguise the MAC address in Tails. As far as I know the MAC address can be
> coded in the IP within the ipv6 protocol. So, this makes sense.
>
> As terrorists and torrorists are per se under suspicion, like criminals and
> readers of some Linux Journal [1a], they should be hindered to communicate in
> anonymity. Secret services and police agents around the world see anonymity
> and encryption as a menace of their work. And ISPs, especially the big
> players and former telcos of the state, are executing their needs [2].
> To me it doesn't seem deviously that ISPs are trying to block or impede the
> use of the Tor network ("Tor stinks" [2a]). Vodafone is advertising "Secure
> Net" which uses DPI (Deep Packet Inspection) for filtering - to make the net
> more secure [3].
>
> I am very content with the performance of the Tor network using three
> different unpublished bridges.
>
>
>
> [1] T. Elahi et al., Changing of the Guards: A Framework for Understanding
> and Improving Entry Guard Selection in Tor, WPES’12, October 15, 2012.
> [http://freehaven.net/~arma/cogs-wpes.pdf]
> [1a]
> http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
> [1a] http://daserste.ndr.de/panorama/xkeyscorerules100.txt
> [1a]
> http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance
> [2]
> http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq
> [2]
> http://www.heise.de/newsticker/meldung/Snowden-Dokumente-Britische-Geheimdienste-koennten-ueber-Vodafone-deutsche-Kunden-abhoeren-2461441.html
> [2014]
> [2]
> http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement.html
> [2]
> https://firstlook.org/theintercept/2014/11/20/vodafone-surveillance-gchq-snowden/
> [2014]
> [2]
> https://blog.torproject.org/blog/tale-new-censors-vodafone-uk-t-mobile-uk-o2-uk-and-t-mobile-usa
> [2012-01-17]
> [2a]
> http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
> [2a]
> https://edwardsnowden.com/wp-content/uploads/2013/10/tor-stinks-presentation.pdf
> [2a]
> http://www.heise.de/newsticker/meldung/Neues-von-der-NSA-Tor-stinkt-1972983.html
> [3]
> https://netzpolitik.org/2014/waschmaschine-im-netz-wie-telekom-und-vodafone-deep-packet-inspection-als-feature-verkaufen/
> [3] http://securenet.vodafone.com/index.html
> [3] https://twitter.com/usefulthink/status/590817159351242752
> [3]
> http://www.webscalenetworking.com/topics/webscalenetworking/articles/404274-vodafone-germany-offers-new-secure-net-service.htm
> [2015-06-01]: "Allot Service Gateways, which are high-performance DPI-based
> platforms that enable deployment of new digital services in fixed, mobile and
> cloud networks"
> [3]
> http://www.allot.com/press-release/vodafone-germany-makes-web-surfing-secure-with-allot-websafe-personal/
> [2015-05-26]
> [3]
> http://www.iptegrity.com/index.php/net-neutrality/600-how-vodafone-censors-your-internet
> [2011-01-06]
> [3]
> http://www.rawstory.com/2011/01/vodafone-confirms-role-egypts-cellular-internet-blackout/
> [2011-01-28]
> [3]
> http://broabandtrafficmanagement.blogspot.com/2010/11/dpi-deployment-41-vodafone-uses-dpi-and.html
> [2010-11-18]
>
> C. Fuchs, Implications of Deep Packet Inspection (DPI) Internet Surveillance
> for Society, The Privacy & Security - Research Paper Series 1, 2012 (2013)
> [http://www.projectpact.eu/privacy-security-research-paper-series/%231_Privacy_and_Security_Research_Paper_Series.pdf]
>
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
