18 comments

[ 3.6 ms ] story [ 51.4 ms ] thread
Is there something wrong with the counting, or is this an actual drop in users?
Its interesting, although perhaps coincidental, that the drop occurs on the day of the Paris attacks.
(comment deleted)
If you break it down by country, you can see the same halving for every country. It is unlikely that a social reason behind this, or a botnet going down as someone has suggested. It is more likely an intentional or unintentional change in how the number of users are counted.
Or an institutional Tor user like say the NSA realized a flaw in it and executed a predetermined strategy of ceasing use uniformly in order to shroud that there is a previously undetermined weakness that they just discovered.

I'm not saying that the above situation is likely, just that it is possible.

An institutional Tor user with proportionally the same number of endpoints as all other Tor users in each country? Probably not even the NSA would qualify.
If they had this strategy ahead of time, what would stop them from rooting a proportional number of Wordpress servers in order to give this illusion? I think the better counter argument is this:

Why would they even take actions which disclose the change? Why not just change the nature of their queries?

Q: Why do the graphs end 2 days in the past and not today?

A: Relays and bridges report some of the data in 24-hour intervals which may end at any time of the day. And after such an interval is over relays and bridges might take another 18 hours to report the data. We cut off the last two days from the graphs, because we want to avoid that the last data point in a graph indicates a recent trend change which is in fact just an artifact of the algorithm.

Q: But I noticed that the last data point went up/down a bit since I last looked a few hours ago. Why is that?

A: The reason is that we publish user numbers once we're confident enough that they won't change significantly anymore. But it's always possible that a directory reports data a few hours after we were confident enough, but which then slightly changed the graph.

from the Q&A https://gitweb.torproject.org/metrics-web.git/tree/doc/users...

Edit: nvm, thanks to Caer for figuring this one out.

The drop appears to happen on Nov 13th[1], I think that period should've been fully reported.

The only event I could find in the tor repo on that day was a version bump for 0.2.7[2], but node lists don't report any usage for that version yet, so I doubt it's related.

It's all quite weird, because there seems to be no drop in consumed bandwidth in the same period[3].

[1]: https://metrics.torproject.org/userstats-relay-country.png?s...

[2]: https://gitweb.torproject.org/tor.git/commit/?id=741d2dc685a...

[3]: https://metrics.torproject.org/bandwidth.png?start=2015-11-1...

Can't know if this is indeed the case but quite a few tor alternatives are out there so this drop needn't be sinister.

This is seemingly tangential but when untargeted surveillance is used steganography beats encryption.

What alternatives? I2P is much smaller, and has only ad hoc clearnet gateways. JonDo is too small. VPNs provide much weaker anonymity than Tor does.
(comment deleted)