#trafficanalysis

PPC Land ppcland
2026-01-22

Microsoft Clarity exposes AI bot traffic with new visibility dashboard: Microsoft Clarity launched Bot Activity tracking on January 21, 2026, revealing which AI systems crawl websites and how automated traffic affects infrastructure performance. ppc.land/microsoft-clarity-exp

Whonix Anonymous OS whonix@fosstodon.org
2025-12-24

Visualize where your traffic goes - without revealing who you are.
Whonix’s Tor Connection & Destination Viewer (`tor-ctrl-observer`) adds transparency while preserving strong anonymity.

#Whonix #NetworkSecurity #TrafficAnalysis #PrivacyTools #Anonymity #CyberDefense #SecureSystems

2025-11-17

Here’s a summary in English of the Habr article **“How Censorship Works from the Inside: A Look at the Leaked Chinese Firewall (Blocking Tor, VPN, Traffic Analysis)”**:
The article by Femida Search delves into a massive leak (about 500 GB) of internal logs and documents linked to China’s Great Firewall (GFW), revealing how censorship is not just blunt blocking but a sophisticated, dynamic system. (Habr)
Key Technical Mechanisms Exposed:
**TSG-X System**
A central “black box” (TSG-X) is installed at ISPs, controlled by the state. It inspects all user traffic. (Habr)
It supports **remote-updatable filtering rules**. When a new topic becomes sensitive (e.g. a protest or “forbidden” concept), authorities can push a new block rule to all or some providers. (Habr)
The system operates in two modes: *mirrored* (passive mirroring of traffic for analysis) and *in-line* (active filtering and blocking before traffic reaches its destination). (Habr)
**Deep Packet Inspection (DPI)**
TSG-X uses DPI to detect VPN handshakes, Tor connections, and other “anomalous” encrypted traffic based on signature patterns. (Habr)
Even if the system can’t recognize the exact application, it can mark unusually large flows as suspicious and, after enough time, block them automatically. (Habr)
**User Profiling & Reputation Scoring**
The leak includes references to a “reputation score” system that may penalize users for “bad” online behavior. (Habr)
This score could affect access: low-scoring users might lose their internet service, requiring identity verification to restore it. (Habr)
The system tracks VPN usage, classifies it, and can respond aggressively to new or unknown VPN providers. (Habr)
**AppSketch System**
Geedge (the company behind this system) builds signature databases of applications. This lets them block or allow specific apps (e.g. VPNs) via pre-defined “fingerprints.” (Habr)
Their toolset includes both **static and dynamic traffic analysis**, so they analyze real app behavior to generate these fingerprints. (Habr)
**Code Injection**
The censorship hardware (TSG-X) can inject malicious JavaScript or CSS into web pages, as well as malware into binary downloads. (Habr)
This gives the system not just passive visibility but active control over user traffic contents. (Habr)
**Network Management & Monitoring**
The system provides a dashboard called **Network Zodiac** (Nezha), akin to Grafana, for real-time network monitoring. (Habr)
Network admins can SSH into nodes, view network health, bandwidth usage, and apply or revert blocking rules. (Habr)
**Tor Blocking**
The leak reveals attempts to block Tor, especially mobile versions. (Habr)
When Tor is detected, the system forces users away from normal Tor tunnels (like default relays) to Snowflake, which makes it harder to fingerprint. (Habr)
China also maintains a whitelist / blacklist of VPN providers using AppSketch to decide which VPNs are “allowed” and which should be blocked. (Habr)
Bigger Picture & Implications:
The censorship system is **modular and highly dynamic** — new rules and filters can be deployed quickly to respond to emerging threats or sensitive topics. (Habr)
Censorship here isn’t limited to blocking sites: it's about **persistent surveillance**, behavioral scoring, and reactive suppression.
The ability to inject code into traffic means that the system isn’t just filtering — it can **modify content**, which raises serious security and privacy concerns.
The presence of reputation scoring loosely resembles a **social credit system** tied to internet behavior, though the leak doesn’t confirm full deployment at the individual-citizen scale. (Habr)
Because the system is built into ISPs and uses hardware, it is **scalable and exportable** — making this kind of censorship potentially a model for other authoritarian regimes.
If you like, I can turn this into a **short explainer for non-technical readers** (e.g. for social media or a blog) — should I do it?

**Bibliography / Sources**
Femida Search. *How Censorship Works from the Inside: A Look at the Leaked Chinese Firewall (Blocking Tor, VPN, Traffic Analysis)* — Habr. habr.com/ru/companies/femida_s
Leaked Geedge / TSG-X internal logs and documentation (2024–2025).
Citizen Lab — reports on China’s network interference architecture.
Tor Project — research on global censorship and active probing by GFW.
GreatFire.org — monitoring of China’s censorship infrastructure.
Freedom House — Freedom on the Net: China.
OONI (Open Observatory of Network Interference) — empirical measurements of Tor/VPN blocking in China.
**Hashtags**
#China #GreatFirewall #Censorship #Surveillance #Tor #VPN #TrafficAnalysis #DPI #CyberSecurity #InternetFreedom #OpenSource #DigitalRights #Privacy #RepressionTech #NetworkControl

PPC Land ppcland
2025-10-25

Microsoft Clarity adds city and state metrics to dashboard cards: Microsoft Clarity launched city and state analytics on dashboard cards October 22, enabling regional traffic analysis without filter navigation for local businesses. ppc.land/microsoft-clarity-add

PPC Land ppcland
2025-10-24

ChatGPT traffic underperforms Google in e-commerce study: Research analyzing 973 websites finds ChatGPT referrals lag traditional channels in conversion rates despite favorable bounce rates across $20 billion in revenue. ppc.land/chatgpt-traffic-under

2025-10-19

@alexia

Apparently, you did visit.

#TrafficAnalysis

BiyteLüm biytelum
2025-08-23

🌐 HTTPS hides content—but traffic still leaks patterns. ISPs & trackers can infer who you connect to, when, and how often. Even VPNs can’t fully hide this: they mask your IP but not your traffic fingerprint.

🛡 Advanced tools (like mixnets) are working on anti-traffic-analysis protections, but for now:
• Use encrypted DNS
• Combine VPNs with Tor for sensitive activity
• Vary your habits online

PPC Land ppcland
2025-08-20

ChatGPT traffic reaches 0.19% while Google maintains 41.9% share: New Ahrefs analysis tracking 44,421 websites reveals ChatGPT capturing 0.19% traffic share with 5.3% monthly growth versus Google's 41.9% dominance and 1.4% growth. ppc.land/chatgpt-traffic-reach

Sam Bent doingfedtime
2025-06-14

Change your network timing patterns to avoid behavioral fingerprinting.

Tim (Wadhwa-)Brown :donor: timb_machine@infosec.exchange
2025-03-29

Released a new tool, packet-monkey:

github.com/timb-machine/packet

Packet Monkey is a tool to filter and classify PCAPs using Wireshark filters. I use it for layer 2/3 traffic analysis on engagements.

#tool, #code, #packetcapture, #trafficanalysis, #wireshark

PPC Land ppcland
2024-12-29

Global mobile operating systems divide follows geographic lines, traffic analysis reveals: A comprehensive analysis of worldwide iOS and Android traffic distribution shows stark regional variations in mobile OS adoption. ppc.land/global-mobile-operati

2024-07-07

HEX64, a US-based NOC company, excels in network performance management through real-time monitoring, traffic analysis, and proactive issue resolution. Our comprehensive solutions ensure optimal network efficiency, minimize downtime, and enhance security, keeping your business operations seamless and reliable. Trust HEX64 for expert network performance optimization.

hex64.net/

2024-06-03

@malwaretech

The lesson: If there is a backdoor, someone will find it. Then it is not really a secret backdoor that only the criminals know about.

#TrafficAnalysis

2024-04-26

@Techmeme

That they learned this should tell you something

#TrafficAnalysis

Dick Smiths Fair Go Supporters dsfgs@activism.openworlds.info
2023-06-14

@sadiedoreen
By the way, we have been using DFCA #bigTechBlocker and found that a concerning number of #bigTech firms are running #I2P nodes. One is (very conspicuously) running both #Tor (non-bridging nodes) and I2P nodes.

Are you aware of this?

#trafficAnalysis #chainAnalysis #bitcoin #DFCA

cynicalsecurity :cm_2: cynicalsecurity@bsd.network
2023-04-28
Ferdinando Simonetti rimmon1971@calckey.social
2023-03-07

https://link.medium.com/znAEy2bXXxb Mizu has been renamed to KubeShark; a single-binary K8S network traffic analysis tool. #Kubernetes #WireShark #TrafficAnalysis

Dick Smiths Fair Go Supporters dsfgs@activism.openworlds.info
2023-02-11

Also our testing indicates #Tor is #censorable and there is active censorship in the network, especially when #trafficAnalysis may be able to identify who is using a connection.

We have tried multiple times to use #OnionShare and the connection cuts out about 1MB into the download every time.

So it's not just #exitNode related.

This means Tor is no longer able to protect #whistleblowers and #journalists in #Australia (elsewhere?).

Seems #I2P is a way forward.

#useI2P @smallcircles @vegafjord
