anti-censorship-team December 2021

anti-censorship-team@lists.torproject.org

5 participants
5 discussions

Microsoft announces shutting down domain fronting attempts in Azure
by Cecylia Bocovich 18 Nov '24

18 Nov '24

It looks like Azure is going to shutdown domain fronting: https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to… There isn't a time frame listed in the article, and I haven't gotten any notifications through my Azure account yet. Cecylia

7 9

Insufficiently many pregenerated BridgeDB captchas?
by David Fifield 15 Dec '21

15 Dec '21

For the Moat and HTTPS distributors, BridgeDB uses a cache of pregenerated captcha images. It does not generate a fresh captcha for every challenge. https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/eeca27703… > ...The second method uses a local cache of pre-made CAPTCHAs, > created by scripting Gimp using gimp-captcha. The latter > cannot easily be run on headless server, unfortunately, > because Gimp requires an X server to be installed. https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/blob/eeca27703… imageFilename = random.SystemRandom().choice(os.listdir(self.cacheDir)) imagePath = os.path.join(self.cacheDir, imageFilename) with open(imagePath, 'rb') as imageFile: self.image = imageFile.read() It may be that there are simply too few pregenerated captcha images. If there are N total, and an adversary invests effort to solve n of them, then the adversary will get a captcha it knows in n / N fraction of later bridge queries, until the cache of pregenerated images is regenerated. I downloaded 1000 captcha images from the Moat API and hashed them: for a in $(seq 1 1000); do curl -s -x socks5h://127.0.0.1:9050/ https://bridges.torproject.org/moat/fetch -H 'Content-type: application/vnd.api+json' --data-raw '{"data": [{"version": "0.1.0", "type": "client-transports"}]}' | jq '.data[0].image' | sha256sum; done | tee bridgedb.hashes Out of 1000 images drawn randomly with replacement, 916 appeared 1 time 39 appeared 2 times 2 appeared 3 times We can use a capture–recapture technique to estimate the total population size. https://en.wikipedia.org/wiki/Mark_and_recapture#Lincoln%E2%80%93Petersen_e… Divide the 1000 images into 2 equal halves, and count the unique images in each half: n = 488, k = 492. The number of images in the second half that were already seen in the first half is K = 23. The estimate for N = n*K/k = 488*492/23 = 10439, so I guess the captcha cache dir on the BridgeDB server holds only about 10000 images. >>> pop = list(open("bridgedb.hashes")) >>> s1, s2 = set(pop[:len(pop)//2]), set(pop[len(pop)//2:]) >>> len(s1) 488 >>> len(s2) 492 >>> len(s1.intersection(s2)) 23 >>> len(s1)*len(s2)/len(s1.intersection(s2)) 10438.95652173913 It would be best to generate a fresh captcha image for each challenge, but if that's not possible, we should increase the number of cached images or regnerate the cache periodically.

3 2

Re: [anti-censorship-team] Snowflake (DTLS) block in Russia
by ValdikSS 07 Dec '21

07 Dec '21

Do I understand it right that if I enable the switch on https://snowflake.torproject.org/ page or install the extension in the browser, people will connect using my browser (and hence default WebRTC implementation which won’t be blocked) eventually? I can ask people to do that. On 07.12.2021 13:28, meskio wrote: > Quoting ValdikSS via anti-censorship-team (2021-12-06 18:53:55) >> There's ongoing Tor block on certain Russian ISPs, which on top of everything >> else includes Snowflake censorship using DPI. >> >> DTLS connection never establishes and gets filtered in >> ClientHello/ServerHello sequence. >> >> Check the attached dumps from Tele2 cellular operator (as12958) made on >> 3 and 6 December 2021. >> >> More information here: >> https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021… > > The related issue: > https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… > > Thanks for the dumps. >

2 1

Snowflake (DTLS) block in Russia
by ValdikSS 07 Dec '21

07 Dec '21

Hello eveyone, There's ongoing Tor block on certain Russian ISPs, which on top of everything else includes Snowflake censorship using DPI. DTLS connection never establishes and gets filtered in ClientHello/ServerHello sequence. Check the attached dumps from Tele2 cellular operator (as12958) made on 3 and 6 December 2021. More information here: https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021…

2 1

Snowflake (DTLS) block in Russia
by ValdikSS 06 Dec '21

06 Dec '21

Hello eveyone, There's ongoing Tor block on certain Russian ISPs, which on top of everything else includes Snowflake censorship using DPI. DTLS connection never establishes and gets filtered in ClientHello/ServerHello sequence. I wanted to attach the dump but the message got held. Visit this link for dumps and more information: https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021…

1 0

2024

2023

2022

2021

2020

2019

anti-censorship-team December 2021