On Wed, Mar 18, 2015 at 12:41:55PM +0100, Philipp Winter wrote:
On Tue, Mar 17, 2015 at 06:09:00PM -0700, David Fifield wrote:
You can eyeball more examples in the omni-graph: https://people.torproject.org/~dcf/graphs/relays-all.pdf
That's a really useful overview! It would be great if we could include that on the metrics page.
Here is the source code: https://lists.torproject.org/pipermail/tor-dev/2014-October/007697.html
Is there a usual story we tell to explain what's happening? A few hypotheses:
- People use Tor at work to get their job done (work firewall blocks sites they need).
- People use Tor at work to goof off.
- People are relaxing and partying on the weekends, not sitting in front of a computer.
- People don't have good Internet at home, so they use it more at work (and Tor use just correlates with Internet use).
It looks like many of these patterns started emerging after the big botnet spike. It might be caused by infected office computers whose owners don't know that Tor is running and who tend to turn off their computers over the weekend. There are probably also infected home computers that tend to be used only over the weekend. That wouldn't explain the meek-specific pattern, though, because the botnet only used vanilla Tor as far as I know.
That's a good observation about the botnet. But I agree, it seems like too much at this point for a malware author to start building in pluggable transports, especially one that's only easily usable with Tor Browser at this point.
Apparently several countries such as Ethiopia and Uzbekistan had these weekly patterns for a long time, even before the botnet. These countries have a rather small user base and the few users might only use Tor in an office setting, like you said.
I wonder if it correlates with censored-ness. I.e., people using Tor for circumvention more than anonymity. Uzbekistan and Ethiopia are both "not free" in the Freedom House 2014 summary: https://freedomhouse.org/sites/default/files/resources/FOTN%202014%20Summary...
David Fifield