- anti-censorship-team - lists.torproject.org

Question about snowflake security
by Luna Manaugh 23 Sep '22

23 Sep '22

Hi there, I don't have a background in programming. Would you care to explain to me in plain language and convincing evidence that it is entirely safe to volunteer for snowflake to help those in heavily censored countries access internet? How's that possible if they can anything with my IP? While I read this on your website, I'm not quite sure I understand what it means: "There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours". Best Luna Sent from Yahoo Mail on Android

2 1

TorCloak Pluggable Transport
by Francisco Silva 06 Sep '22

06 Sep '22

Good evening, My name is Francisco Silva and, together with Professor Nuno Santos and Professor Diogo Barradas, am part of a research team [1] within the Distributed Systems Group at INESC-ID Lisbon [2]/IST [3]. Our research focuses on _systems security and privacy._ We are currently developing a new Tor Pluggable Transport called TorCloak. TorCloak's basic mechanism is to conceale Tor traffic on the video streams of WebRTC-based video conferencing services. We are now coming to a stage on our project in which we are discussing solutions to disseminate our bridges. In the attached file we present a small draft of our proposed solution. This solution is geared towards leveraging the bridge distribution infrastructure already made available by the Tor project and make the process of establishing a bridge connection as simple as possible for the user. We would appreciate your feedback on this solution and, if possible, work with us through the limitations and technicalities of such implementation. Please let us know if you have any questions. You can reach us via email or Matrix. Looking forward to working with you. -- Best regards, Francisco Silva franciscoasilva(a)tecnico.ulisboa.pt @fsilva800:matrix.org web.tecnico.ulisboa.pt/franciscoasilva Links: ------ [1] https://syssec.gsd.inesc-id.pt/ [2] https://inesc-id.pt/ [3] https://tecnico.ulisboa.pt/en/

6 6

Introducing a Conjure PT for Tor
by Cecylia Bocovich 31 Aug '22

31 Aug '22

Conjure[0] is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying ISPs into a large pool of "phantom" proxies that users appear to connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides a possible solution to the problem of censors enumerating and blocking deployed bridges or proxies. I've been working with Jack Wampler and Eric Wustrow at the University of Colorado to implement a Conjure PT for Tor that uses the existing deployed Conjure stations[1]. # How it works Conjure clients first perform a registration step with the Conjure station to negotiate a phantom IP address to connect through. The idea of a registration phase that precedes the proxied connection is common among anti-censorship tools, including Snowflake. Like Snowflake, there are a few options for making the registration process censorship-resistant. Conjure currently offers unidirectional registration via Tapdance[2] decoy routing, and bidirectional registration via domain fronting. Once the client and station have negotiated a phantom IP address, the client makes a connection to the phantom address. The Conjure station sees this connection and instead proxies traffic using the haproxy[3] protocol to a client-specified destination. Conjure currently supports 3 different transport options for the connection between the client and the phantom proxy: a minimal SSH-based transport, obfs4, and webrtc. The Tor conjure pluggable transport[4] uses the gotapdance library[5] to register and connect to the production Conjure station through the negotiated phantom IP address. We have a deployed Tor bridge (named Haunt) that accepts haproxy connections from an allowlist of known Conjure stations. You can see details and usage metrics on Relay Search: https://metrics.torproject.org/rs.html#details/A84C946BF4E14E63A3C92E140532… # Next steps This PT is currently in development and only recommended for testing. We still have some work to do before the Tor Conjure PT can be rolled out to a large user base. The PT in its current form is very minimal in its features. We're reaching out to the development community now for initial feedback and testing. We are planning a slow ramp of client traffic to avoid placing stress on the stations and improve the reliability and censorship resistance of our setup. Immediate planned work includes: - securing the haproxy connection between the Conjure station and the bridge - making the registration connection censorship resistant - ongoing testing and development of the obfs4 transport integration - usability improvements and resilience in the event of overloaded Conjure stations - reproducible builds for Tor Browser For more details, check out the issue tracker for this project[6]. We have a milestone for shipping conjure support in alpha version of Tor Browser[7], which is the next major step in the rollout process. # Try it out yourself Instructions for cloning and building this PT are in the repository[4]. In the client/ directory there are two provided torrc files. For testing the production Conjure deployment, you may use the one named `torrc`. The other file, `torrc-testing` is for use with the libvirt-based testing and development environment[8]. Successful bootstrapping can take a few tries due to high load at the station. More detailed log messages will be written out to a log file conjure.log by default. This can be changed by modifying the -log argument in the ClientTransportPlugin line of the torrc file. If the station is overloaded, you will see a message like the following in conjure.log: ``` [11:32:12] [1-d9b572] failed to dial phantom [scrubbed]: dial tcp [scrubbed]: i/o timeout ``` Please try it out, open issues, ask questions, provide feedback! # Thanks! Thanks again to Jack and Eric for their efforts on this project, and to whole team of Conjure researchers, developers, and admins for their work on deploying Conjure and making it available for use. [0] https://censorbib.nymity.ch/pdf/Frolov2019b.pdf [1] https://censorbib.nymity.ch/pdf/Frolov2017a.pdf [2] https://censorbib.nymity.ch/pdf/Wustrow2014a.pdf [3] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt [4] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… [5] https://github.com/refraction-networking/gotapdance [6] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… [7] https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… [8] https://gitlab.torproject.org/cohosh/phantombox

1 0

test gettor reimplementation
by meskio 22 Jul '22

22 Jul '22

Over the last few months we have being working on reimplementing gettor as part of rdsys[0]. As a last step before moving it into production we are testing that everything works fine. You can help us testing it and telling us if everything works as expected or something could be improved by sending emails to it at: gettor-test(a)riseup.net The links provided should work, but they are not located in the official gettor places. You can find the documentation on how to use gettor at: * https://gettor.torproject.org or * https://support.torproject.org/censorship/gettor-2/ * or sending an email with the word help to gettor-test(a)riseup.net Thank you. [0] https://gitlab.torproject.org/tpo/anti-censorship/rdsys/ -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

OONI stunreachability measurements from Russia
by David Fifield 19 May '22

19 May '22

I spent some time looking for the cause of high rates of anomalies in OONI's torsf test: https://explorer.ooni.org/chart/circumvention?since=2022-04-06&until=2022-0… I looked at the recently available (https://github.com/ooni/backend/issues/573) stunreachability measurements, to test whether the Snowflake connections were failing at the STUN phase. In summary, 3 of the pool of 12 STUN servers are inaccessible in Russia. One of them is blocked by censorship in Russia, and the other two look like geoblocking of Russian clients by the STUN service. I don't think the loss of 3 STUN servers is likely to be a cause of many connection failures; therefore I think the explanation lies elsewhere. Here are the charts: https://explorer.ooni.org/chart/mat?probe_cc=RU&test_name=stunreachability&… stun.voip.blackberry.com and the IP address 178.239.90.248 are on the unified register of blocked sites, the entry dated 2017-04-28: https://reestr.rublacklist.net/record/530002/ Here's a measurement showing the test timing out: https://explorer.ooni.org/measurement/20220224T192519Z_stunreachability_RU_… stun.stunprotocol.org is not on the unified register as far as I can tell, nor are its IP addresses 18.191.223.12 and 2600:1f16:8c5:101::108. This domain resolves to 127.0.0.1 or ::1 for requesters located in Russia. Here's a sample measurement: https://explorer.ooni.org/measurement/20220224T111232Z_stunreachability_RU_… Using ooni-sync, we can see that the domain resolves incorrectly only in Russia and Ukraine: $ ./ooni-sync -directory stunreachability test_name=stunreachability since=2022-05-18 until=2022-05-19 $ jq -r 'select(.test_keys.endpoint=="stun.stunprotocol.org:3478")|[.probe_cc,(.test_keys.queries[].answers[]?|(.ipv4? // .ipv6?)),.probe_network_name,.test_keys.failure]|@tsv' stunreachability/* | sort ... IT 18.191.223.12 2600:1f16:8c5:101::108 Vodafone Italia S.p.A. IT 18.191.223.12 2600:1f16:8c5:101::108 Vodafone Italia S.p.A. KZ 18.191.223.12 Kar-Tel LLC LK 18.191.223.12 2600:1f16:8c5:101::108 Mobitel Pvt Ltd LT 18.191.223.12 2600:1f16:8c5:101::108 Telia Lietuva, AB MX 18.191.223.12 2600:1f16:8c5:101::108 Mega Cable, S.A. de C.V. MX 18.191.223.12 Mega Cable, S.A. de C.V. NL 18.191.223.12 2600:1f16:8c5:101::108 T-Mobile Thuis BV RU 127.0.0.1 ::1 Cloudflare, Inc. generic_timeout_error RU 127.0.0.1 ::1 Iskratelecom CJSC generic_timeout_error RU 127.0.0.1 ::1 JSC "ER-Telecom Holding" generic_timeout_error RU 127.0.0.1 ::1 JSC "ER-Telecom Holding" generic_timeout_error RU 127.0.0.1 ::1 JSC "ER-Telecom Holding" generic_timeout_error RU 127.0.0.1 ::1 Novotelecom Ltd generic_timeout_error RU 18.191.223.12 PJSC "Bashinformsvyaz" SE 18.191.223.12 2600:1f16:8c5:101::108 Telia Company AB SE 18.191.223.12 Vetenskapsradet / SUNET SG 18.191.223.12 2600:1f16:8c5:101::108 Leaseweb Asia Pacific pte. ltd. TW 18.191.223.12 2600:1f16:8c5:101::108 <unknown> TW 18.191.223.12 2600:1f16:8c5:101::108 <unknown> UA 127.0.0.1 ::1 Virtual Systems LLC generic_timeout_error US 18.191.223.12 2600:1f16:8c5:101::108 AT&T Services, Inc. US 18.191.223.12 2600:1f16:8c5:101::108 AT&T Services, Inc. US 18.191.223.12 2600:1f16:8c5:101::108 CABLE ONE, INC. ... stun.altar.com.pl is not on the unified register, nor is its IP address 176.119.42.11. Its failures only start on 2022-03-09. Its domain usually resolves correctly, but in Russia the actual STUN phase usually results in a timeout: $ jq -r 'select(.test_keys.endpoint=="stun.altar.com.pl:3478")|[.probe_cc,(.test_keys.queries[].answers[]?|(.ipv4? // .ipv6?)),.probe_network_name,.test_keys.failure]|@tsv' stunreachability/* | sort | grep RU RU 176.119.42.11 Cloudflare, Inc. RU 176.119.42.11 Iskratelecom CJSC generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 Novotelecom Ltd generic_timeout_error RU 176.119.42.11 PJSC "Bashinformsvyaz" generic_timeout_error But there are also errors for networks in Spain, Hong Kong, Indonesia, and the United States: $ jq -r 'select(.test_keys.endpoint=="stun.altar.com.pl:3478")|[.probe_cc,(.test_keys.queries[].answers[]?|(.ipv4? // .ipv6?)),.probe_network_name,.test_keys.failure]|@tsv' stunreachability/* | sort | grep error ES 176.119.42.11 Orange Espagne SA generic_timeout_error HK Hong Kong University of Science and Technology generic_timeout_error ID Telekomunikasi Indonesia (PT) generic_timeout_error RU 176.119.42.11 Iskratelecom CJSC generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 JSC "ER-Telecom Holding" generic_timeout_error RU 176.119.42.11 Novotelecom Ltd generic_timeout_error RU 176.119.42.11 PJSC "Bashinformsvyaz" generic_timeout_error US 176.119.42.11 2607:7700:0:18::b077:2a0b T-Mobile USA, Inc. generic_timeout_error US 176.119.42.11 2607:7700:0:1f:0:1:b077:2a0b T-Mobile USA, Inc. generic_timeout_error US 176.119.42.11 2607:7700:0:7::b077:2a0b T-Mobile USA, Inc. generic_timeout_error US 176.119.42.11 T-Mobile USA, Inc. generic_timeout_error US 176.119.42.11 T-Mobile USA, Inc. generic_timeout_error To me this looks like selective denial of service to certain client networks. Last weeks discussion on this topic: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-05-12-15.58.log…

1 0

Recommendations to monitoring snowflake-proxy standalone
by Jacobo Nájera 29 Apr '22

29 Apr '22

Hi, I'm thinking about how is the best way to monitor snowflake-proxy standalone with an ansible role. What tools or approaches do you recommend for monitoring, and which indicators do you consider important to keep in mind. Thanks, Jacobo

1 0

Request for Comment on Distributed Snowflake Bridge Design
by Shelikhoo 22 Mar '22

22 Mar '22

Hi anti-censorship team and others, We are in the process in increase the scalability of the snowflake bridge. Here is the design I have drafted for informing proxy about which WebSocket address it should connect to and the security issue associated with that. https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Comments are encouraged so that the design can be improved before moving to the next stage. Shelikhoo

1 0

Rust port of extor-static-cookie
by David Fifield 01 Mar '22

01 Mar '22

As an experiment to wring more performance from the snowflake bridge, I started a rough port of the extor-static-cookie shim to Rust. It's not in what I would call a production-ready state with regard to documentation and tests—I wanted to hack something together quickly in order to decide whether it's worth spending more time on. I am also pretty new to Rust async programming. As a side consideration, I wanted to get an idea of what a pluggable transports library for Rust might look like. https://gitlab.torproject.org/dcf/extor-static-cookie/-/tree/rust Currently commit 559fb5e292b45d82464bdaf978c6e1783c796e3d I have the Rust implementation running now (since 2022-02-27 03:00) under the flakey4 instance. The other three instances are running the Go implementation. It's too early to say whether it reduces CPU usage; an hour after being restarted, the flakey4 instance is still catching up to the traffic of the other instances. But it looks like it's stable and functional, at least.

2 2

bridgedb+rdsys test setup
by meskio 28 Feb '22

28 Feb '22

For the last few months I've being working on integrating rdsys with bridgedb, so bridges are managed by rdsys and bridgedb only does the distribution (https, moat and email)[0]. There will not be any visible changes, but all the insides are different. Thanks to the TPA work now we have a testing setup of the new setup to test it. If you want to test it I'll be happy to hear if you find any issues with it. As this is distributing real bridges only people with accounts in TPO LDAP has access to it. How to access the different distributors: * email. Just write an email to bridges-test(a)torproject.org from your @torproject.org email, and should get a reply with bridges. * https. The web interface is available at https://bridges-test.torproject.org, but only reachable from people.torproject.org. You can make a ssh proxy: $ ssh -D 9999 people.torproject.org and configure your browser to use a SOCKS proxy at localhost with port 9999. * moat. This is reachable the same way that https only from people.torproject.org. Is a bit more complicated to test, but I will stress test it myself :) I wrote I simple script to do the moat captcha request and solution: https://gitlab.torproject.org/-/snippets/127 It's run like: $ MOAT_URL="https://bridges-test.torproject.org/moat" CURL_OPTIONS="--socks5 localhost:9999" ./test-moat Thank you. [0] https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/12 -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

2 5

Surge in Snowflake client polls
by Cecylia Bocovich 28 Feb '22

28 Feb '22

While looking at the snowflake broker metrics for clues about the sudden drops in known proxy NAT types[0], I noticed that the broker metrics show a very large spike in client polls over the last day. I've attached a few graphs that show this, which probably won't have showed up in tor relay metrics yet. One of the graphs is the usage of proxy capacity, which shows a rise in the number of client polls and a large drop in idle proxies. The other graph shows something similar, but for the pool of proxies available to clients with restrictive NATs. Here we see that the overwhelming majority of clients are being denied because all of the proxies are used. To some extent, we expect this and have seen it in the past, particularly for the pool of proxies for clients with restrictive NATs. The pattern follows a natural day-long period, and the number of denied clients never gets so high that a client won't get a proxy after 2-3 tries. However, these attached graphs go back 48 hours and show how much bigger the spike in clients is over the last day. At the peak of the spike, there were 5x as many clients requesting snowflake proxies from the restrictive pool as we had proxies to match. Perhaps this is a good time to push to get more proxies? It seems we could use proxies for both restrictive and unrestrictive NATs at this point. Cecylia [0] https://lists.torproject.org/pipermail/anti-censorship-alerts/2022-February…

1 1

2024

2023

2022

2021

2020

2019

anti-censorship-team