Re: [tor-relays] Comcast blocks ALL traffic with tor relays

[Livingood, Jason via tor-relays]

>As to the blog post you mention… Your statements are very generic: now you 
>talk about "not blocking tor", but tor is not just one webpage, one server, a 
>monolithic entity. I would appreciate details: If your customer has "advanced 
>security" activated, can he connect to any ORPort of any tor  middle relay?

Fair enough. That post was in any case from 2014 and the questions are 
different today (I just used it as an example that we’re not against Tor). 
Honestly, I’m a little surprised that someone running a Tor exit node would not 
be using their own cable modem and running their own router (whether open 
source a la Openwrt or commercial). If someone wants to do stuff like run a Tor 
exit node or run a MASQUE relay or whatever, I’d recommend they turn off 
Advanced Security and manage their routing & firewall rules themselves.

>Sorry if I am a bit repetitive, but 
>https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security
> mentions "Blocks remote access to smart devices from known dangerous 
>sources.". What do you mean by dangerous sources, and does it include tor 
>relays or exits?

It may be down to the fact that “unknown” users connect to the relay/exit and 
that the average consumer user of the Advanced Security service does not want 
that. I suspect if someone wants this, it’s best to toggle Advanced Security 
off.

> I don't know whether this customer has "Advanced security" turned on, I just 
> assume he has. Do you want me to send you privately more details (my IP and 
> this peer's IP)?

Sure – I am happy to look at that confidentially. But it could be a wide range 
of other things – even basic things like someone’s router timing out external 
connections after X minutes, etc.

> So you remind me of an old joke: who should I believe, you, or my eyes? 
> Sorry, I choose my eyes. I am talking here about direction from my node to 
> Comcast. It is still possible that you don't block connections from Comcast 
> to relays, I have contradictory evidence about this point. So if your "not 
> blocking tor" means "not preventing our customer from connecting to some tor 
> relays", this could be true.

Alternatively, given the large size of our network, if we were in fact blocking 
this, then I’d expect to see this list filled with complaints and social media 
sites 
(Twitter, 
Reddit, etc.) filled with complaints. But what I see now is a single report. 
That said, I routinely look at such reports when they seem at odds with our 
network policies so as to be certain there’s not some misconfiguration or bug 
someplace.

Jason
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Do they use their own modem/router?

[Livingood, Jason via tor-relays]

BTW, feel free to refer back to my 2014 blog statement on this at 
https://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor.

Jason

From: tor-relays  on behalf of 
"Livingood, Jason via tor-relays" 
Reply-To: "tor-relays@lists.torproject.org" 
Date: Wednesday, June 14, 2023 at 14:43
To: "tor-relays@lists.torproject.org" 
Cc: Jason Livingood 
Subject: Re: [tor-relays] Do they use their own modem/router?

This thread mentions “Advanced Security” and you can learn more about that at 
https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security<https://urldefense.com/v3/__https:/www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security__;!!CQl3mcHX2A!HeJfTFO9PYjskQKoX0pF6nd0myfZCjx1gnnXFAKVDpF_x2krlJQcBix015xoehbZcYJK4X2zGQ2b6pvQKA6Wklz1P4hIRSnkraU$>.
 This feature can only be used with a leased Xfinity gateway like the XB7 or 
XB8. There are a great many cable modems that customers can and do buy in 
retail stores that do not have such features – like the Arris S33 cable modem. 
So, a customer that has Advanced Security has in essence (1) chosen to use an 
XB gateway rather than buy their own modem & router in retail and manage it 
themselves, and (2) turned on Advanced Security.

If the customer in question that is using Advanced Security wishes to turn it 
off, they can do so in the Xfinity app (or turn the modem into ‘bridge mode’ 
and use their own router, or use their own modem).

I’m happy to help answer other questions.

Jason Livingood
Technology Policy, Product & Standards
Comcast

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Comcast blocks ALL traffic with tor relays

[Livingood, Jason via tor-relays]

Hi – Dropping into this thread from Comcast to say that we DO NOT BLOCK Tor. 
Feel free to refer back to my 2014 blog statement on this at 
https://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor.

Jason Livingood
Technology Policy, Product & Standards
Comcast
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Do they use their own modem/router?

[Livingood, Jason via tor-relays]

This thread mentions “Advanced Security” and you can learn more about that at 
https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security. 
This feature can only be used with a leased Xfinity gateway like the XB7 or 
XB8. There are a great many cable modems that customers can and do buy in 
retail stores that do not have such features – like the Arris S33 cable modem. 
So, a customer that has Advanced Security has in essence (1) chosen to use an 
XB gateway rather than buy their own modem & router in retail and manage it 
themselves, and (2) turned on Advanced Security.

If the customer in question that is using Advanced Security wishes to turn it 
off, they can do so in the Xfinity app (or turn the modem into ‘bridge mode’ 
and use their own router, or use their own modem).

I’m happy to help answer other questions.

Jason Livingood
Technology Policy, Product & Standards
Comcast

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays