“It seems that Russia gradually enters the golden age of anonymizers,” a well-known Russian Internet expert Alexandr Plushev said [RUS] recently. This comment was a reaction to a scandal involving a Russian WiMax provider “Yota” [ENG] that blocked access to several dozen opposition Web sites. But anonymizers may not solve the issue of access to “forbidden” information online. An incident that happened just few days before “Yota” story showed how vulnerable and fragile is the concept of anonymity on the Russian Internet.

On November 24, the popular blogging platform in Russia Livejournal.com, which is owned by the Russian media company “SUP” [ENG] with tight connections to the Kremlin,  prevented everyone using Tor, a tool for anonymous online browsing,  from accessing Livejournal Web site.

Tor, as defined by its developers [ENG], is a “free software and an open network that helps Internet users defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.” The tool uses a distributed network to “prevent somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.” Data packets on the Tor network take a random pathway through several relays so no observer at any single point can tell where the data came from or where it is going.

Tor played a very important role [ENG] during the wave of protests in Iran in June 2009 helping many Iranian users to conceal their online activities and provide access to Web sites blocked by Iranian authorities.

In November, people who tried to access Livejournal blogs using Tor got the following message on their screens:

You've been temporarily banned from accessing LiveJournal, perhaps because you were hitting the site too quickly. Please make sure that you're following our Bot Policy. If you have questions, contact us at webmaster@livejournal.com with the following information: PFOL0fb1R8QvjxX @ 62.197.40.154

Blogger 14_sonde, as many members of Russian online community, wondered if the incident was about something more than just technical difficulties and anti-spammer measures:

Спамеры до этого как-то не мешали. В последнее время активизировалось несколько групп, которые троллили всякую хрень, вызывая протесты у ряда топовых писателей ЖЖ. Несмотря на то, что был предложен ряд вариантов отсечения спамеров (это легко решается на уровне стат. анализа, усовершенствования капчи, настроек) “глас общественности” был услышан и началась борьба под этим соусом с различными анонимайзерами, включая сеть tor. Вкупе с закрытием Яндекс-ТОПа это реализация планов по борьбе с гласностью и анонимностью.

Some of bloggers recalled an earlier statement by the Russian Minister of Internal Affairs Rashid Nurgaliev who urged the cancellation of anonymous online browsing [RUS] because it allows criminals to hide their identities on the Web.  Echoing his boss, the Head of Technology Department at the Ministry of Interior Boris Miroshnikov also called anonymity online an “invitation for a crime” and defined the Internet as an “unregulated space convenient for all sort of criminals.”

Tor blockage went beyond Russia and caused many complains from LJ users in other countries that block Livejournal.com. An LJ user Kizune from Kazakhstan wrote [RUS]:

Дорогой и многоуважаемый СУП не даёт мне расслабляться. Только-только я привыкла с удобством заходить в ЖЖ через TOR (прямого доступа у нас в Казахстане по-прежнему нет и, судя по всему, не светит), как СУП принялся TOR блокировать, якобы в целях борьбы с ботами…

Dear and respectful SUP doesn't let me relax. When I barely got used to comfortably visiting LJ via TOR (we still don't have an access to LJ in Kazakhstan and, as far as I can tell, we won't have it), SUP started blocking TOR allegedly to fight bots…

A blogger jin_fenghuang from China shared his feelings about the incident:

Having to find out from an error message is not cool. I am in China and I was pulling my hair hard over said error message. Thanks for making me freak out.

LJ users in the U.S. joined the crowd of upset bloggers and angrily complained about the blockage of Tor and also gave political explanation of the incident. A user James Brown, for example, wrote:

It is certainly the consequence of purchasing the LJ of Russian company “SUP” by order of Putin and FSB.

Another user marahmarie also shared the feelings[ENG] about the issue:

God help the anonymous bloggers who cannot connect any other way – their countries snoop on their IPs and so they put their own lives in danger posting from anything but an anonymized IP. This is kinda more serious than just blocking 3rd-party spam

A proactive community of bloggers started looking for ways to solve the problem with LJ access via Tor. Some users suggested using other anonymizers and proxy services in addition to using Tor. LJ users started to think about migrating to other blogging platforms.

Amid the controversy, two of the Tor developers Mike Perry and Jacob Appelbaum visited the LJ office in San Francisco, CA, to discuss the incident. Later, Jacob Appelbaum explained [ENG] that Livejournal's decision to ban Tor had nothing to do with politics:

I just had a visit to the San Francisco Livejournal office. The servers at LJ are currently being abused by two users in Russia. They are currently blocking access to all of the Tor exit nodes with a rather crufty (but effective) screen scrape of some Tor status page. They'd like to lift this ban and they'd like to see the abuse stop. They recognize that many legitimate users are now out in the cold and they'd like to allow Tor to access LJ.

The service abusing their systems is http://lj2rss.net.ru/; lj2rss provides a user with an RSS feed of their LJ friends page (normally a paid service). LJ considers this abuse and has attempted to block this service. Lj2rss was previously run through basic HTTP proxies. It has apparently evolved as a service. The lj2rss people decided to ditch HTTP proxies for the public Tor network. This has caused LJ to filter _all_ access from the Tor network as a quick hack to block their service. LJ is unhappy with this as they realize this means that many people are not able to reach LJ. They want to find a solution to this total method of blocking. They only want to stop lj2rss and not everyone who actually needs Tor to legitimately use LJ.”

Appelbaum said that Livejournal was working on blocking only the abusers and not the entire Tor network.

An LJ user dwell who worked at the Livejournal office in San Francisco, CA, added:

We've got nothing against Tor or any other anonymizers, proxies or similar services; if someone wants to protect their privacy in that way, while using LiveJournal, that is their choice and we normally respect that. in fact, in some parts of the world, services like Tor are the only way that you can even *access* sites like LiveJournal.

The problem, which we explained to Tor, was that certain users were (mis)using Tor in order to circumvent our efforts to block *those* users (not Tor). blocking the entirety of the Tor network is not a solution. at all. which is why we're trying to come up with a long-term way to block those users, regardless of which way they come in.

Indeed, Livejournal lifted the ban the next day. Jacob Appelbaum commented:

They're working on future ways to block abusers of LJ without affecting normal, legitimate users; They're pretty awesome for restoring service  for the majority of Tor users so quickly!

But the happy end did not eliminate bitterness of some LJ users. They felt that the ban was lifted due to the pressure from LJ users in the West and could not be assured that this incident would not happen again.

There are several important points about this story. It certainly showed the importance of Tor for Internet users. It also demonstrated the fragility and vulnerability of the services that provide anonymity online. In addition to classical methods of banning those services using regulations or technical “difficulties,” state actors seem to have an increased variety of other approaches at their disposal.

One of those new approaches involves efforts to discredit anonymizers though various malicious actions that are supposedly performed using those anonymous services. Another approach is to control anonymity online not through access regulation but rather through platforms that are most commonly used to access information online (e.g. purchasing a  popular blogging platform). Evgeny Morozov, a Yahoo fellow from Georgetown University, explains [ENG] how non-democratic governments use the Internet technologies for their own purposes and find new approaches to control the Web. One can expect that the two strategies described above will be used more frequently by non-democratic state actors to fight the anonymity online.

In this particular case, abusing Tor services doesn’t seem to be related to the government. The source of the service responsible for the abuse is known. The developer of “lj2rss” is Alex Alexandrov from Novosibirsk, Russia. He explained [ENG] on his blog that he had attempted several time to resolve the issue with Livejournal. In conversations with GVO, Alexandrov confirmed he had used Tor for his purposes but denied any claims that he violated the LJ “Terms of use.” He also said that his numerous attempts to contact Livejournal's owner “SUP” were not successful.

“SUP” hasn’t responded to GVO's request to get clarification about the nature of this conflict.

Another important issue here is a possibility of future abuses of online anonymous services by regular users and governments. The most common solution suggested by different online users is for Tor to hide its so-called “exit node,” an indication that users receive information via Tor network. Exit nodes can raise a red flag among companies and governments exercising online control.

Andrew Lewman, Executive Director of the Tor Project, explained GVO why exit nodes still remain open:

We publish the list of exit nodes for anyone to find.  Getting into the Tor network is accomplished by public relays or non-public bridge relays.  Governments, companies, and others have tried to block access to Tor, not exiting from the Tor network, by blocking access to the list of public relays.  As we've seen with China, Iran, Burma, Vietnam, and other countries, Tor bridges continue to work well even after state-mandated blocking.

What Tor really needs, and people have started to work on, is some way to identify the good Tor users from the jerks. From LJ's perspective, they had no other choice but to treat Tor like they'd treat my grandparent's computer; block the IP address associated with the attack.  LJ has paid accounts, and other such authentication mechanisms, so perhaps they can wait to see what a user from tor does, if they login, don't block the access.

Talking about the incident with Livejournal and a possibility to reconsider Tor's policy regarding open and visible exit nodes, Lewman said:

This is core to the design of Tor.  Right now your Tor client does not trust the network, so we have to publish all public Tor relays in the Tor Network.  Your client doesn't trust the network to avoid colluding nodes, and other attacks on anonymity.  Your client chooses the path through the network, such that only your client knows all hops and which nodes you chose.  We assume you can trust your client on your computer, if you can't trust the computer you're using, then you've already lost any anonymity.  By publishing all of the nodes, so that Tor clients can find them, anyone can run a tor client and get a listing of the nodes for whatever reason.

All of the above makes it easy to bootstrap into Tor.  After 6 years of running Tor, we're just now seeing people starting to block the public list of relays, which is why bridges exist.

We run a service that lets people find out exit nodes by port number because too many Internet services were simply blocking all of Tor, which was very much overblocking; or using a sledgehammer to kill an ant.  In many cases, they just wanted to temporarily block access to people on one port, say http, but not others, say https.  It doesn't appear LJ even used this, but instead just blocked all IP addresses associated with Tor.

It's hard to overestimate the importance of anonymity online. The Wall Street Journal recently published a story [ENG] about Iranian authorities using information on global social networks to identify and intimidate Iranians who criticize the regime.

Lewman realizes Tor's shortcomings:

Unfortunately, the attackers can use a wide range of open proxies, zombied computers, and other means to hide their identity.  It's unfortunate that legitimate Tor users get blocked because of some jerks. We're looking for help with services that can offer pseudonyms so Internet services have a better way to filter the good users from jerks coming through Tor.

It looks like Tor and other online anonymizers should prepare for a new global battle for anonymity not only with “some jerks” but with increasingly technologically effective state actors.