I use Tor and Tor-Browser a lot everyday, and latterly Tor network became extremely slow for me, much slower than it used to be. It seems that the issue arose after implementing new congestion control feature. Previously I could comfortably watch 1080p videos on Invidious/Youtube, but for the last week or so Tor can barely handle 480p. And I am not talking about one particular website, Tor seems to be much slower in general. Actually, Tor is blocked in my country, so I use shadowsocks proxy running on a VPS hosted in another country to connect to Tor network. I’ve been using this method for a long time, and it has always worked damn good for me. I tried to use obfs4 bridges instead, but in that case it is even worse.
Does anyone else experiences such problems, or, am I the only one?
I found some reddit posts with a similar problem:
I am experiencing the same problem as you are. After updating to Tor Browser 11.0.13, I get many timeouts due to pages not loading. Also, when I try to watch a video, on any site, the video tries to load, but it never plays. So, in addition to a slow Tor network, I can no longer watch any videos when using Tor.
You’re not the only one, I’ve also been experiencing the same issue as yourself and the linked Redditors (Tor being very slow since the recent update).
Thanks for the report! We are investigating this issue. It seems to be an onion services DoS.
I highly doubt that it would be related to a momentary DoS. As soon as I upgraded my system-tor to the newest version from the debian repos I noticed noticeably worse performance (I’m using snowflake by the way) even though I connected to a bunch of different snowflakes. I hope it’s just a config problem as I was super excited when I heard the work on congestion control, so I’m very disappointed to see it having negative repercussions.
Its still there, even trying to download an apk from tor repository is lingering at bursts of 2kb. One small change has knocked the service back to 2006
It’s not a “momentary” DoS, but a large event. Just check the onion services graphic:
That much traffic, it’s likely a state player, not an individual or small group.
Can we figure out who’s doing it? Do we need to start keeping track of IP addresses connecting to our routers, so the Tor team can at least point the finger at them and splash it across the media?
The status page has been updated with this ongoing issue:
Why would someone even attack the network, what do they have to gain?
sending large quantities of traffic to onion services helps a most likely state-related-actor to find the real location of a hidden service. traffic analysis for locating the data-center or someone DDoSing a hidden service to disrupt functioning (competitor of e.g. a marketplace) are likely the “gain”
how sure are we thats its an attack?
could it be an unemployed paranoid guy with no life watching movies and yt allday on tor?
if thats the case, im sry.
I was reading around last night and apparently its also useful for unmasking regular tor users. If all legit nodes have been saturated then an attacker can create malicious nodes with high bandwidth allocation meaning that nobody can use the real tor network, just the network they’ve created within tor, meaning the whole network could be reduced to a handful of machines which are all measuring time and data for correlation attacks. When you say a market do you mean like a drugs market hitting the whole network? Wouldn’t it make more sense to aim the attack directly at a competitor rather than affecting usage even for their own customers?
No, this is over 20gig of data per second, no normal activities would generate such large volumes
Back in the bad old days, I2P EEPsites were used to traffic CP, illegal pharmaceuticals, counterfeit items, etc. The devs didn’t seem especially interested in stopping it.
I used to uncover I2P EEPsites that were trafficking in CP by doing a DDoS on certain IP ranges, then seeing if the EEPsite went down or the latency increased. Then I’d successively narrow it down until I was hitting a single IP. If the EEPsite went down, that was the EEPsite’s IP address.
I uncovered a ton of EEPsites that way. They freaked out when I posted on their forum, detailing what each EEPsite was selling and that EEPsite’s public IP address. LOL
They really freaked out when I later discovered a way of forcing DNS resolution to reveal the IP address of the EEPsite. That prompted a redesign of I2P.
Nowadays, what with the huge increase in bandwidth and the tightening up of security, it’s not so easy for someone to do that… it’d require a state actor.
Is anyone else experiencing significant improvements lately?
Not sure about the improvements, but it looks even worse than before:
A few days ago clearnet sites were slow to load, but the last couple of days I’m definitely seeing decreased loading times on average. Positively surprised at this. Onion sites are usually slower though, but normally not painfully slow.
Edit: And typically, in the hours since my original post speeds have been much more unstable.
I wish, sometimes the speed seems ok but at other times I’ve had 480p videos buffer multiple times during playback.
I was too quick to report, it seems it was just a temporary relief, now it got back for me to where it was one week ago in terms of speed, especially onion services are pretty much unusable for me now.