Already posted here, but there has been some development, and "tech" is a more suitable sub.
So, they probably block ALL traffic to at least some public tor relays, even tor-unrelated traffic and even to non-exit relays. This is a feature of the firewall in the router/AP they supply, they call it "Advanced security". It is on by default, but can be turned off. And "There are definitely popups all over the place telling me to turn it on" says a 2nd Comcast customer (CCB) who contacted me. What does blocking tor relays have to do with security? I would understand blocking Tor exit nodes, but relays? They effectively say that tor relays are a security threat.
How I tested: I have a lightning channel with a Comcast customer (will call him CCA), my lightning node is connected to his, my tor relay not running. I start tor relay, and still can connect during the following 9 hours. But then, all my connection attempts fail with timeout. I checked using my mobile connection (so from another IP, not blacklisted because of this scary tor), and I can connect, so CCA is online. All tests were done with:
socat -dd - TCP4:<node_ip_addr>:<node_port>
I did this test at least twice (the first time by error :), I forgot to include BridgeRelay 1 in torrc after getting a new external IP addr, so I was still running a public relay) with a similar result: CCA disconnected after a few hours.
I also wrote more on the tor-relays mailing list, this is my initial post, seems EFF is getting involved, but the EFF's post is still awaiting moderation I think. People expressed some doubts, especially this one says he runs relays on Comcast network. Maybe Comcast only blocks non-Comcast relays?
So by running a tor relay, you risk being "punished" by Comcast. Forget Bitcoin and Lightning: a self-hosted website or any other server, if it runs a tor relay on the same IPv4, risks being cut off from most Comcast customers. I guess the majority will not opt out of the mentioned protection.
Any Comcast users who would run further tests? Probably better if you don't have a lightning node or another high-uptime use case; I would like to test with this "Advanced security" turned on and off, and it may disrupt your connections.
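
The two-vantage-point check described in the post, as an added example that is not part of the original post: the same TCP connect test that the socat command performs, plus the comparison between the relay's IP and a control IP (the mobile connection). The function names and the sample observations are constructed for illustration.

```python
import socket

def probe(host, port, timeout=5.0):
    """One TCP connect attempt, like `socat - TCP4:host:port`.
    Returns 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # an RST came back: the path works, nothing is listening
    except (socket.timeout, TimeoutError):
        return "timeout"      # no answer at all: packets dropped somewhere on the path
    except OSError:
        return "error"        # unreachable network, DNS failure, etc.

def diagnose(observations):
    """observations: (hours_since_relay_start, result_from_relay_ip, result_from_control_ip).
    The control result tells a filtered path apart from a peer that is simply offline."""
    verdicts = []
    for hours, relay_side, control_side in observations:
        if relay_side == "open":
            verdict = "reachable"
        elif control_side == "open" and relay_side == "timeout":
            verdict = "filtered-for-relay-ip"
        elif control_side == "open":
            verdict = "rejected-for-relay-ip"
        else:
            verdict = "peer-down-or-inconclusive"
        verdicts.append((hours, verdict))
    return verdicts

def first_block(verdicts):
    """Hour of the first observation where only the relay IP was silently dropped."""
    return next((h for h, v in verdicts if v == "filtered-for-relay-ip"), None)

# Constructed sample log, shaped like the timeline in the post (not real measurements).
SAMPLE = [
    (0, "open", "open"),
    (9, "open", "open"),
    (10, "timeout", "open"),
    (12, "timeout", "open"),
    (14, "timeout", "timeout"),
]

if __name__ == "__main__":
    for hours, verdict in diagnose(SAMPLE):
        print(f"{hours:>3} h  {verdict}")
    print("first block seen at hour:", first_block(diagnose(SAMPLE)))
```

Run `probe` at the same moment from both connections and log the pair; a single timeout from the relay IP proves nothing without the control result.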