 Nyt kaikille voidaan tulla, joten minä olen rannunut Ahmia.fi search engine, ja minä olen todella rannunut paljon tor-relatioita ja käyttää tor- ja privacy. Tor on frea softwarea ja se on frea networka käyttää, jos tarvitsee privacya. Se on tuohon tor-projekt-fondation, joka on non-governmental-organisaation, joka on fundointa ja kehittää tor. Ja, tietysti, tor on online anonymitys. Se on sensojärjestelmä, circumvention ja privacy. Tässä olen... Olen tullut, että kaikki olivat käyttäneet tor, koska olet täällä. Minulla ei pitäisi esittää, miten tor-projekt on käyttänyt, koska sinä olet testatitit paljon. Mutta, kun sinä olet, siellä on paljon onion-servisit ja joissa on tullut web-situksia, esimerkiksi kardion-situksia, jossa voidaan lähteä informaatiota järjestelmistä. Ja minä kovin nämä onion-siteiden, joten jos haluatko palaa, niin sinun voi usea ahmia.fi surjenssien tai hiddenservisversioon surjenssien. So some introduction to talk just to understand the numbers and how many users there are and words because this is relevant to how you can in some situations break the anonymity of the user. So Tor has every moment over two million users. So that's a lot, it's a good thing, it's a large anonymity set. And there are a lot of hidden services, something like 60,000. And almost 7,000 relays. So Tor network is actually huge and that's a good thing for anonymity because we need a large anonymity set. And number of relays has been growing over the years, that's a good thing. And this is pretty great, the bandwidths that the relays are using is huge. So there is a lot of traffic on Tor and Tor browser is pretty fast these days. So it's decent to use Tor browser these days because there is a lot of bandwidth for Tor. And a lot of users and we don't even know what are these huge spikes. Like this is probably some bot network but we don't actually know it. But most of the users are probably using just Tor browser. But there are something else to behind Tor network. And same thing with onion addresses. Because most of the onion addresses are not serving anything over HTTP. So there are some other services on Tor that are not websites and nobody knows what those onion addresses are actually doing. And for instance you can see over time that there was this spike where the number of onion services grow to huge and then drop it down again. And at least I don't have any ideas what that was and I think nobody knows. So how Tor works, if you are using something like Tor browser you are the allies in the picture. And you want to connect to somewhere for instance to wikipedia.org. That is by the way censored in multiple countries. So for instance if you like to use wikipedia from some country that is censoring the internet you can use Tor browser. And then you form 3 hop circuit to the wikipedia.org. So it's like chain here. And inside Tor network your traffic is encrypted. And because you are using Tor even if there is censorship to wikipedia you can get through the censorship because your traffic is going to Tor network. Hidden services or onion services are a little bit more complicated. Because they are using their own circuit because the idea is to offer anonymity to the onion address and to the user who is connecting to the onion address. And onion address only communicates through Tor network. So you cannot find where it is and you cannot relieve the real IP address of the onion service in easy way. So first somebody creates an onion address and Tor protocol is publishing or first it's selecting some random introduction points from the network. And then publishing the information about the introduction points to distributed hash table. That is like DNS service for onion services. And if Alice knows this onion address he can ask the introduction points to this onion service from the distributed hash table of the Tor. And then share the information to hidden service that I would like to connect to you through this introduction point. And Alice is selecting rendezvous point where the hidden service and for instance Tor browsers connection is going to meet the hidden service connection. And there these Alice who is Tor client and the hidden service that is Bob are going to meet in this rendezvous point inside the Tor network. And here actually this is a Tor circuit so this is not direct connection to rendezvous point because both Alice and Bob are trying to be anonymous. So there is no direct connection to rendezvous point. And after that they are able to use any service on TCP if they like. And it is said that Tor is the king of anonymity. And the information that Tor is the king of anonymity comes from interesting source. Because it's mentioned in national security slides, top secret slides. There is actually this sentence. Still the king of high secure low latency internet anonymity. There are no contenders for the throne in waiting. So in NSA slides they say that Tor is pretty good to get good online anonymity. And you can actually read more about this that the NSA is writing that they never be able to de-anomize all Tor users all the time. But sometimes they are manually able to de-anomize some small fraction of the Tor users. However no success de-anomizing user in response to Tor be request on demand. So this probably means, I'm not sure, but probably means that if they are actually looking for one target from the Tor network. That's really hard. But if they randomly, for instance, try to de-anomize some onion services, that might be possible. Because they are actually spying the most of the optic connections, like the backbone connections of the internet. And also you can see Tor in these NSA slides. This is the NSA's thread model for what people are using. So if you are using some trivial website forum, they are able to get you if there is no HDDPS. But if you, for instance, are using something like tails, they consider it catastrophic. Because it's very hard to spy people who are using live Linux tails installation that throw all the traffic to Tor. So basically if you are reading NSA slides, you will notice that encryption really works. And you should use it as much as possible. And here again, encryption works. This is basically the message from these top secret NSA slides. If you look what is the most catastrophic situation for them, you are using Tor and you are using something like ZRTP voice encryption on Linux. And we notice because Edward Snowden leaked these slides. And as you can see, he is also a Tor user. There is this sticker Tor project. So we still hear news that sometimes there are situations that Tor users are de-anomized in multiple ways. And I actually went through all the real cases where people have lost their anonymity. And wrote slides about most of them and categorized these events to four categories. There is obviously operation security. It's difficult if you try to stay anonymous. And there have been attacks against the end user device like Tor browser. And there have been attacks against hidden services, for instance popular drug markets. And there have been cases where traffic and timing correlation attacks have worked. So first one is that operation security is difficult. Especially if your threat model is that you try to stay anonymous. So anonymity is pretty hard. And if you actually read the Wikipedia article about operation security, it basically says that do not share anything. Because any information can be critical. And it's actually hard to know what piece of information is critical now or in the future. And of course online world, if you are giving some information now and it's not critical now. It can be critical information one year from now. And if you have been writing some text to some forums under anonymity. And tell something like I am living in this city. And year after that you tell something like I'm a physics student. And year after that you tell that some other detail. And you are actually giving a lot of cumulative information about who you are. And this happens pretty easily. For instance the first Silk Road. They found Ross because he actually shared a lot of information about himself. Of course he made some technical failures too. But let's look at the operation security side. He actually thought what is his time zone. And he did many shady things like ordered fake passwords from Canada. And US Custom Service actually found those. That package and noticed that there are multiple fake passwords here. And that's of course pretty bad. Because after that they were following the guy pretty carefully. And at the same time he was telling that he is ordering now these fake passwords. So if for instance police have something like this. This will definitely mean that they will carefully look what you are doing after that. If there is multiple passwords in the customs and same face and different name. And he did that. He did multiple things. He was the first one who was sharing information that there is this cool marketplace. Where you can sell and buy trucks. And he was using this Altoid pseudonym. But the Altoid pseudonym thought that he was using Ros Ulbricht email. When he was talking about this service. And he also posted questions to Stack Overflow. Where he was asking questions how to set up this. I'm running this thing on tour. I have this hidden service. I write this piece of PHP. And he was asking these questions using his real name. And after that he noticed that this is not a good idea to use my real name. And he changed then his real name to Frosty there. But if the FBI was already looking that there is this guy Rose who is writing these things. And now he has changed his pseudonym to Frosty. And there was a lot of information that this guy is doing something. And eventually the FBI arrested him. There were multiple technical mistakes. But a lot of operative security failures too. Like this. He was one of the first ones who mentioned that there is this Silk Road marketplace. And was talking about it using the identity that was closely linked to his real identity. And now we have this case. This went to court less than a month ago. The alpha pay case. So actually you can read the court files. These are public. How they were able to find the founder of alpha pay marketplace. He was actually using his real email address. The email address that is in his LinkedIn. And actually the email address tells his first name and his birth year. And it's hotmail email address. He was using it in the site alpha pay. So there was this welcoming email coming from this email address. And of course police is going to look. Okay there is this hotmail email address. And this guy was actually using the email address in the LinkedIn. And of course they arrested him and. But this is pretty bad operation security failure. Second attacks on the end user device. We have those two. For instance four years ago it was OHOM 2013. There was this attack on the same time that FBI was able to see freedom hosting service. That was hosting a lot of onion sites. And FBI know that there's they probably bought this zero day attack against Firefox. And because store browser is based on Firefox browser. They were able to use the zero day attack against store browser. And this was a piece of Javascript. And when when Javascript is enabled on Windows. It was executing this look up of Mac address. Host name and send the information back to FBI servers. And there was of course the real IP address of the user. So because store browser is based on Firefox. There are these cases that there are zero day exploits against Firefox browser. And of course you can you can use these against store browser as well. And same happened again last year. There was again Javascript exploit against store browser. And again same thing it was looking the real IP address of the user. It was executing something on Windows. And send it the real IP address to some police server. But beyond that it's actually hard to use a web browser. And keep the anonymity because you are clicking every link you find. Because that's basically what people are doing. And you are sometimes downloading for instance files. And it's hard to actually say what is safe to download. And what is not. For instance if somebody asks is it safe to download mp3 file. And if you are listening that mp3 file. Can that cause some kind of the anonymizing thing to you. And actually it can. I noticed this when I was just reading popular VLC players bug list. That there was this bug that if you open mp3 files. And there is this mp3 u file. And you can write there something like the cover image of the album. And then the player asks that can I download this image from online. And after that if you click no it will download it anyway. So there was this small bug on the most popular video player on Linux. And if you are downloading these. If this is some kind of trap. And you are using tor. And you are downloading mp3 files with m3 u file. And open it with some media player. I think this is problem with multiple media players. They will actually look the album cover from the address that is inside the m3 u file. And of course you can use this as trap to break the anonymity of the user. And this is just mp3 files. And it's not complex system. I have no idea that what is safe to open. If mp3 is not safe in general to open if you download it from the tor network. Because other formats are much more complicated than that. Okay. Then attacks on hidden services. Again famous case Silk Road. This is the first Silk Road. It was actually leaking these error messages. Which contain the real IP address of the server. So when something went wrong on the server side. It was just saying that there was this error and this is the error message. And you were actually able to read that okay there is this real public IP address. Which actually was the real IP address of the Silk Road. And even worse than that the raws just continued to run the service. With the same IP address. He noticed that okay there is this error. And he just removed the error message. But continued to use the public IP address that was already exposed. I don't know why he did that but he did that. But in many ways you can fail with hidden services. For instance it's pretty common that people set up the SSH server to hidden service. To run this same SSH server through public IP address. And if you try to connect this. For instance this is my short change and I tested this just to show. If you are connecting to my only an address. Using SSH. You can see that there is this finger print. You don't need anything else. You only see that okay there is this finger print. And if you are using ahmia.fi. And try to connect there. You see the same finger print. Which is like mathematically proven way to say that. I'm actually running this service on public IP address. And on on your address. And this will break your anonymity obviously. And web framework. Multiple web frameworks are actually treating local host. As some kind of safe zone. So if there is connections coming from local host. Many web frameworks treat them as some kind of safe connections from yourself. But tour is in your local host. So if you are running a hidden service. Everything that is every traffic is coming from local host. To that web framework. And you can see this problem with popular HTTP servers. Just as Apache has this mode. Service status mode. And if you have this installed. You are actually exposing some information about your server through this address. But this is pretty common actually. When I coded the first version of ahmia.fi search engine. I didn't have any hidden service then. But I was coding myself this admin view inside the search engine. And my idea was that I'm just. I am the only one who is able to access the server to local host. So I coded something like this. This is a short version of the code I had. It check it that if the connection is not coming from local host. Then it says that HTTP response forbidden. But if the connection is coming from local host. Then it's safe and expose the admin user interface. And okay this is pretty good code. If you are not for instance running on your address. That actually exposes your admin user interface through the onion address. And I did that mistake. And I know that multiple web frameworks are doing that mistake. And there is no documentation for everything they are doing through local host. And of course this is security catastrophe. If you have some onion address. And there is something like that admin view. And you are exposing it to internet. Fourth thing is the traffic and timing correlation attack. So in general any system that offers real time anonymity. TCP connection basically normally. You can do traffic and timing correlation attack. For instance the implementation of tor inside tor is not very relevant to this. Because if the attacker sees the traffic coming in. And traffic coming out for instance from the tor network. Or any anonymity network that offers real time TCP connections. You are able to do some kind of traffic and timing correlation attack. Sometimes it's not even that hard. For instance there is this real case. There was this Harvard student who was going to have this final exam. And he decided that he can like move the day of the final exam. If he sends a bomb threat to the university. Of course they are not going to have the final exam. If somebody sends an email that tells that there is a bomb. But he was the only one on the campus using tor. When he was sending the email. And FBI checked that there was some kind of monitoring system inside Harvard University. And because there was only one who was using tor. And this email came from the tor network. They went to ask from the student and the student confessed it. And he was arrested. Okay you can say that still the student had plausible deniability. Because if he is the only one who was using tor from the university network. That doesn't actually prove that he sent that email. But still it gives some kind of clue for instance to the FBI. That maybe this is the first guy who we should ask about this. And he confessed it so it's a clear case after that. And this is actually traffic and timing correlation attack. So if you are only one using tor from some network. And you are giving some information that I am in this network. For instance I am living in this small town. Or something like that. You can expose yourself. And in general you can do traffic and timing correlation attack. Against tor browsers and onion services. And the point is that you are able to see the traffic coming in and traffic coming out. And you can see the real IP address there. If you are for instance the entry card note some onion address. I have my own tor test network. So this is a separate network to test things like this. It's inside Finland. There is eight nodes. I am controlling half of them. So it's pretty easy for me to test traffic and timing correlation attack. And there are eight tor nodes and this forms my test network. We are doing other things too with this network. But I tested this. I created some onion services to this tor network. And after that I started to look at traffic. And I was sending a certain traffic pattern. That was basically download, not download, download, not download, download. And I was able to see that the traffic is going through different nodes. And finally looked at okay I am actually controlling the entry node. So I can see the real IP address of the hidden service. I can actually show a video about that. So what I am basically doing I am selecting some target. This is some, you probably are unable to see. But there is some onion address. And now I am downloading data from that onion address. For a while as fast as I can. And then I sleep a while and download again. And now I am looking the traffic through my tor relay. That is the entry node for this hidden service. So I can easily see that I am actually now connected to this onion address. And actually you can do this attack on tor network too. For instance well there are a lot of onion addresses. But if you are sending traffic to all onion addresses. And control some entry card node. You will be able to see probably the traffic to some onion addresses. And you are able to locate their real IP address. And it looks something like this. Problem is that we don't actually know how much traffic some surveillance organization like the NSA is able to see. But they probably cannot see all the traffic in every country. So if you are running onion address there are multiple people who are using tor. There are a large number of onion addresses. And the NSA cannot see all the traffic through internet. So probably it's safe. But still they can de-anomize some of the onion services. And it looks like that if they are doing it. Well these were the four ways to de-anomize tor. There are some alternative systems that use tor. That try to handle this situation. For instance you can use tails. It's a live linux distribution. And it's very secure focus. So everything is behind tor network. Every piece of the traffic. So even if the attacker is able to for instance launch some kind of zero day exploit against the tor browser. It doesn't help because he is still behind tor network. If he is launching some kind of attack that is communicating to network outside of the browser. Still everything, every piece of the traffic is behind tor network. And the attacker is unable to see the real IP address of the user. Ok, if the attacker is able to get the root access to tails somehow. It's hard of course. Then he is probably able to de-anomize the tails users. But that's much harder than exploit against the browser. Tails looks like that. I think, by the way how many of you have been using tails. Or at least tested it. Wow, like half of you, ok. So you pretty much know this. Another question. How many of you have tested Hoonix? Wow, some of you, I tested it too. So I think Hoonix linux distribution is taking a step further. Even further. So this is a separate gateway system that is connected to, that is routing all the traffic through tor network. And then you are running like separate desktop environment that is able to communicate to internet only through this gateway system. So as a result even if the attacker is able to obtain root access to the desktop system. Still it cannot get any information about the real host IP address. Because it's not available inside the desktop machine. And desktop machine is only communicating with separate machine, that is the gateway machine. That's actually pretty clever. And of course if you don't need real time anonymity. For instance if you want to just transfer file or build something like anonymous email mixer. That's doable because you don't need the real time connection. And you can create something like random delays. Long random delays actually. And email mixers do that. And it's pretty hard to break them because of this. So conclusion. We can look that if you want to be online and you don't want to share your real identity. You really have to be careful with something like operational security. Use it to understand the term of operation security. You shouldn't share information about you. You shouldn't even link the information or like for instance share the news links. Or something like that that could be correlated to your real identity. And it's solely your responsibility as a Tor user. Tor approach cannot really help you with that. But of course it's the responsibility of the Tor project to offer clear tutorial materials. And it's responsible for building safe and secure software. For instance the Tor project foundation is fixing Tor browser every time. Very fast if there is some zero day exploit. But it's the responsibility of the user to understand the limits of the Tor. So if you are for instance using Tor browser and you are opening some software. You download for instance some software using Tor browser. You should understand that this software can cause some kind of de-anomization attack against you. Tor still offers very good, very high level online anonymity. And mainly the best thing is that there are a lot of Tor users. Over 2 million users and there are over 60,000 onion addresses. And a lot of traffic. So fortunately for Tor monitoring a few cards or even multiple card nodes. It's not very efficient and it takes a long time to do that. So it's something that it's not very cost efficient at the moment. At least I think that way. And the probability to get some nasty card node is pretty low. The biggest problem is the user itself. Because people do mistakes like they build the largest drug markets in the world. And use their real name in the email address. And people do that, even clever people. I'm pretty sure that those guys who have built systems like Silk Road and Alpha Pay. They basically know what they are doing. But still they do mistakes. And of course the problem is that if somebody remembers something from you. They will remember the time you did that mistake. Even if you are not normally making those mistakes. And of course if you are installing some web framework to onion address. There are these privacy leaks. And usually there are these security holes in any web framework. If you are running a web framework there is some security. So of course somebody can attack against the web framework itself. So thank you. Now we have time for questions. Yes? Is there any excessive information about the mobile version of Tor? The one created for Android? Have you ever tested it? Is it reasonably secure? So I will repeat your question. So the question is about the Android version of the Tor browser. I'm using it every day. It's the only browser I have in my Android phone. But of course there are the same issues with that. For instance if you go to some website and try to actually do something there. Sometimes you have to enable JavaScript. And for instance if the site is not using HTTPS. Then the exit node will see your traffic. It's possible to see your traffic. And I think these are the hardest problems with any browser system. You have to enable JavaScript and you have to visit pages. Where there is no HTTPS. And the exit node can see your traffic. Maybe from there. We cannot be sure. I will repeat the question. So there have been these rumors that FPI did something nasty to get the Silk Road server. And there has been actually rumors that NSA was helping them. And they were doing some kind of parallel construction. During the investigation after that. Just told that we got the information about the server. Because there was this leaky error message. We don't actually know for sure what is the truth there. It was the story I thought about. I am asking something like if you do the capture system. Yeah. But we don't know. I cannot be sure how they got the information. But there was this reddit message. That Silk Road is leaking now some information. And somebody posted the information there. We don't actually know for sure. But of course it's very probable that if you are doing your own web framework. There can be always these situations that you are accidentally printing something to the end user. For instance some server logs or error message. And of course there can be something like the real IP address of the server. Or user name or email address or something like that. So is there a system like who next will traffic being reached for the server to reduce the chances of connecting your real IP address? Well I think there isn't any system like that is easy to install that way. You can try to build it yourself. But it's still a little bit problematic. Because now you are building your own system. And you can actually do more mistakes with that. If you try to do it first time. Yes. You actually can do this build reverse proxy. So to keep that one extra hop. Between the connection points of your own network. And your real hardware. Yes. So he pointed out that it's possible to do some kind of reverse proxy system. Between the connection to Tor network. And between the HTTP server. That helps probably. Yes. I remember some project I just tried to communicate to each other. But it had a function built in. That generated random Tor traffic in order to prevent the anonymization. Do you know if that has been effective so far? Or are there still methods to discover that. Because of the amount of entropy that is present in communication. So the question is. Does it help to add some noise traffic? Yes. Perhaps the entropy of the noise as itself being a signature. Could that identify that? And entropy of the noise. According to my information. It's not efficient. That's the first case. So you are actually using the bandwidth of the Tor network. To something that is not useful traffic. And because I think the other thing there is that. If you are adding noise to your real traffic. The attacker can still try to remove the noise from the traffic. Because he knows that okay there is some level of noise in the signal. So actually there are methods to try to find the real data from noise signal. And for instance if you are doing some kind of traffic correlation attack. Probably you are able to see still the traffic pattern. Even if there is a level of noise in the signal. Probably I would think so. And it's not efficient. I think that's the first point. You may be the single biggest catastrophic failure of anonymity. Was the relay early thing, the traffic labeling thing. Which basically is exposed to the addresses of a significant portion of the users. Does this mean that you consider these kinds of problems solved. Or are traffic labeling attacks something I need to watch out in the future. Traffic laboring attack. Can you give the example? Yeah, like the relay early thing. Well I think it's part of the traffic and timing correlation attack I think. But yeah you can do that. But still there are a lot of tor users. And it's hard to find a certain user from the anonymity set. I think like if you read the NSA slides. They are talking about that yeah we have these targets that are using tor. And it's hard to deanomize them. But we can deanomize some tor users. They probably try to say that if they are asking to deanomize just random tor users. They can do it. So they can deanomize tens of thousands of people. Yeah, because it's actually hard to find the real targets from there. But those NSA slides were from 2012. That's true, they are old slides. But still they don't work with magic. So I think there are still those limits to their systems and powers. Yes? What sort of people say such things? Like who is running the exit nodes? Well we don't actually know that. But still you get pretty good... Yeah it's possible that law enforcement runs exit nodes. And they probably do that. And I think there are researchers who do that for themselves. But for instance if you have HDTBS connection. Then you are pretty safe. They only see that somebody for instance if you are connecting to wikipedia.org. Through their exit node. You are only seeing that there is someone who is connecting to wikipedia.org. But they are not able to even see what is the page. And they are unable to see who is actually connecting there. So thanks to Let's Encrypt there are a lot of pages with HDTBS these days. So it's pretty safe in that way. But you have to be careful if there is some site. And you are sharing some sensitive information. There is only plain text HDTBS connection. But you should be aware of that anyway I think. You can basically assume that they are going to try to run exit nodes there somewhere. Yeah. Or consider it like open wifi network. Like somebody could be listening to that too. Yes. So the question is are there any special methods inside the tour project. To make sure that when there are updates. The updates are really coming from the tour project. And nobody can compromise the system that is sharing the updates. And I don't have answer to that question. But obviously if the attacker is able to compromise the updating methods. And send updates then he can do whatever he wants. So basically same thing if somebody compromises something like Linux update system. He is able to do anything after that. Yes. You have to ask that from someone else. I don't know how they are doing the updating system there. So yeah. Yeah. So if you are even downloading tour browser. You should check that it's the real tour browser. And from the tour project and look the signatures. You have to ask that from someone else. I don't know how they are doing the updating system there. So yeah. So if you are even downloading tour browser. You should check that it's the real tour browser. My question is, they can do that with tails probably, because tails has the real mechanism of the operating system, like of the computer and maybe other serial numbers in the operating system are exposed somehow. But can this happen with Poonix or is virtualization software isolated enough so that they cannot get serial numbers and I don't know, USB peripheral IDs and stuff like that. At least it's harder to hack Poonix with any zero-day exploit against the browser, because you probably need another zero-day exploit against the virtualization environment. Okay, which exploit? Yeah, sure. But I think the great thing here with the zero-day exploits is that if some surveillance agency is using them, they are usually able to use them only once. So it's pretty costly to them to de-anomize someone and there is, actually then there is certain kind of balance between the anonymity and criminal behavior, because they can like say that okay, we have to use one million dollars just to de-anomize some door users. So there is certain kind of balance between resources and what they are doing, so they are not probably attacking just randomly against some door users. They have to really carefully select the targets. But it doesn't apply if they aggressively use the parallel construction right, because then you never know. That's true, if they are using parallel construction then it's very hard situation. If they are just de-anomizing users at random for instance and nobody knows that, but it's illegal. Yeah, we don't know, but in many cases we have to believe that there are certain laws and society works that way, that usually people obey laws. If that counter to good opsec, assuming your opponent will lie back. Yes, it is if you are running drug markets and your opponent is something like the NSA. So technically you can prevent connections to door network and then of course door is using officiated methods to connect to door network. And you can use money to prevent every kind of officiated method to connect to network. I think it's pretty expensive to build something like Chinese Great Firewalling System, so it's not free to do that, but it's technically possible. And I think in western countries we are not going to allow those kind of systems hopefully, so you are able to use door in multiple countries. Maybe not in China, I think now these days it's problematic because they are detecting those officiated door protocols at the moment and they are at least slowing them down. Yeah, so the comment was that the Chinese Firewall was actually checking out what are the hosts that are hosting some kind of officiated pretzes to door network. And they were able to discover those hidden pretzes to door network that are set up to help people who are for instance in China. So you have to do at least some kind of active method to find out those methods to connect to door network and hopefully it's expensive to do that because it slows down the censorship. Google's cloud, there's some app there that allows reaching. Meek Proxy. Using the Meek Proxy and some civilized country that couldn't afford to block Google, tried to block Tor, then they would have to block Google Clouds and all that. So I guess that answers partly the question about blocking Tor in western countries but not of course in all countries. I think China might be blocking Google as well. Yeah, I think at the moment they are even blocking connection to Meek Proxies. I think they are detecting them somehow at the moment. So one strategy to officiate traffic is hide the traffic inside something that the censorship system cannot prevent you from using because it's too important for the country. So I think Tor has been using something like Meek Proxy for a while that was hiding the traffic inside Google apps like a connection. And China could have censorship unroiding updating system but that's too expensive for the country to prevent updates to something like Android. And if you are for instance hiding your traffic inside something like this, it's very clever method because they cannot just cut down the connections to somewhere like that. You could do it with multiple protocols. I think something like Skype is pretty clever idea because I think China is not blocking connection to Skype at the moment because it would prevent them to do business. Okay, thank you.